H3C Technologies H3C S3100 Series Switches User Manual

1-5

[Device] pki retrieval-certificate ca domain 1

# Apply for a local certificate.

[Device] pki request-certificate domain 1

2) Configure an SSL server policy associated with the HTTPS service

# Configure an SSL server policy.

[Device] ssl server-policy myssl

[Device-ssl-server-policy-myssl] pki-domain 1

[Device-ssl-server-policy-myssl] client-verify enable

[Device-ssl-server-policy-myssl] quit

3) Configure a certificate access control policy

# Configure a certificate attribute group.

[Device] pki certificate attribute-group mygroup1

[Device-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca

[Device-cert-attribute-group-mygroup1] quit

# Configure certificate access control policy myacp and create a control rule.

[Device] pki certificate access-control-policy myacp

[Device-pki-cert-acp-myacp] rule 1 permit mygroup1

[Device-pki-cert-acp-myacp] quit

4) Reference an SSL server policy

# Associate the HTTPS service with the SSL server policy myssl.

[Device] ip https ssl-server-policy myssl

5) Associate the HTTPS service with a certificate attribute access control policy

# Associate the HTTPS service with certificate attribute access control policy myacp.

[Device] ip https certificate access-control-policy myacp

6) Enable the HTTPS service

# Enable the HTTPS service.

[Device] ip https enable

7) Verify the configuration

Launch the IE explorer on Host, and enter https://10.1.1.1. You can log in to Device and control it.

z

The URL of the HTTPS server starts with https://,

z

For details of PKI commands, refer to PKI Commands.

z

For details of SSL commands, refer to SSL Commands.