Configuring an ssl client policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

1-6

[Device-ssl-server-policy-myssl] quit

# Configure HTTPS service to use SSL server policy myssl.

[Device] ip https ssl-server-policy myssl

# Enable HTTPS service.

[Device] ip https enable

# Create a local user named usera, and set the password to 123 and service type to telnet.

[Device] local-user usera

[Device-luser-usera] password simple 123

[Device-luser-usera] service-type telnet

2) Configure the HTTPS client (Host)

On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar and request a certificate for Host as

prompted.

3) Verify your configuration

Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued by the

CA server. The Web interface of Device should appear. After entering username usera and password

123, you should be able to log in to the Web interface to access and manage Device.

z

For details about PKI configuration commands, see PKI Commands.

z

For details about the public-key local create rsa command, see Public Key Commands.

z

For details about HTTPS, see HTTP Configuration.

Configuring an SSL Client Policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL

client policy takes effect only after it is associated with an application layer protocol.

Configuration Prerequisites

If the SSL server is configured to authenticate the SSL client, when configuring the SSL client policy,

you need to specify the PKI domain to be used for obtaining the certificate of the client. Therefore,

before configuring an SSL client policy, you must configure a PKI domain. For details about PKI domain

configuration, see PKI Configuration.

Configuration Procedure

Follow these steps to configure an SSL client policy:

To do…

Use the command…

Remarks

Enter system view

system-view

—