Configuration considerations, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 960
935
Figure 409 Network diagram
Configuration considerations
To achieve the goal, perform the following configurations:
•
Configure SecPath to work as the HTTPS server and request a certificate for SecPath.
•
Request a certificate for Host so that SecPath can authenticate the identity of Host.
•
Configure a CA server to issue certificates to SecPath and Host.
Configuration procedure
1.
Configure the HTTPS server on SecPath:
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN
as ssl.security.com.
<SecPath> system-view
[SecPath] pki entity en
[SecPath-pki-entity-en] common-name http-server1
[SecPath-pki-entity-en] fqdn ssl.security.com
[SecPath-pki-entity-en] quit
# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as
http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the
entity for certificate request as en.
[SecPath] pki domain 1
[SecPath-pki-domain-1] ca identifier ca server
[SecPath-pki-domain-1] certificate request url
http://10.1.2.2/certsrv/mscep/mscep.dll
[SecPath-pki-domain-1] certificate request from ra
[SecPath-pki-domain-1] certificate request entity en
[SecPath-pki-domain-1] quit
# Create the local RSA key pairs.
[SecPath] public-key local create rsa
# Retrieve the CA certificate.
[SecPath] pki retrieval-certificate ca domain 1
# Request a local certificate for SecPath.
[SecPath] pki request-certificate domain 1
# Create an SSL server policy named myssl.
[SecPath] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[SecPath-ssl-server-policy-myssl] pki-domain 1