Troubleshooting web login, Cannot access the device through the web interface, Symptom – H3C Technologies H3C SecPath F1000-E User Manual

Page 50

Advertising
background image

42

# Create a certificate attribute-based access control policy myacp. Configure a certificate

attribute-based access control rule, specifying that a certificate is considered valid when it matches
an attribute rule in certificate attribute group myacp.

[SecPath] pki certificate access-control-policy myacp
[SecPath-pki-cert-acp-myacp] rule 1 permit mygroup1
[SecPath-pki-cert-acp-myacp] quit

# Associate the HTTPS service with SSL server policy myssl.

[SecPath] ip https ssl-server-policy myssl

# Associate the HTTPS service with certificate attribute-based access control policy myacp.

[SecPath] ip https certificate access-control-policy myacp

# Enable the HTTPS service.

[SecPath] ip https enable

# Create a local user named usera, set the password to 123 for the user, and specify the Web
service type for the local user.

[SecPath] local-user usera
[SecPath-luser-usera] password simple 123
[SecPath-luser-usera] service-type web
[SecPath-luser-usera] authorization-attribute level 3

2.

Configure the host that acts as the HTTPS client:
On the host, run the IE browser. In the address bar, enter http://10.1.2.2/certsrv and request a
certificate for the host as prompted.

3.

Verify the configuration:
Enter https://10.1.1.1 in the address bar, and select the certificate issued by new-ca. Then the
Web login page of the Device appears. On the login page, enter the username usera, and

password 123 to enter the Web management page.

NOTE:

To log in to the Web interface through HTTPS, enter the URL address starting with https://. To log in to
the Web interface through HTTP, enter the URL address starting with http://.

For more information about PKI configuration commands, see

VPN Command Reference.

For more information about SSL configuration commands, see

Network Management Command

Reference.

Troubleshooting Web login

Cannot access the device through the Web interface

Symptom

You can ping the device successfully, and log in to the device through Telnet. HTTP is enabled and the

operating system and browser version meet the Web interface requirements. However, you cannot

access the Web interface of the device.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals