Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

1-3

Configuration Prerequisites

When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the

server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI

domain..

Configuration Procedure

Follow these steps to configure an SSL server policy:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Create an SSL server policy
and enter its view

ssl server-policy policy-name

Required

Specify a PKI domain for the
SSL server policy

pki-domain domain-name

Required

By default, no PKI domain is
specified for an SSL server
policy.

Specify the cipher suite(s) for
the SSL server policy to
support

ciphersuite
[ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *

Optional

By default, an SSL server
policy supports all cipher
suites.

Set the handshake timeout time
for the SSL server

handshake timeout time

Optional

3,600 seconds by default

Configure the SSL connection
close mode

close-mode wait

Optional

Not wait by default

Set the maximum number of
cached sessions and the
caching timeout time

session { cachesize size |
timeout time } *

Optional

The defaults are as follows:

500 for the maximum number
of cached sessions,

3600 seconds for the caching
timeout time.

Enable certificate-based SSL
client authentication

client-verify enable

Optional

Not enabled by default