Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
Configuration prerequisites
If the SSL server is configured to authenticate the SSL client, you must configure the PKI domain for the
SSL client policy to use to obtain the certificate of the client. For more information, see
PKI."
Configuration procedure
To do...
1.
Enter system view.
2.
Create an SSL client policy
and enter its view.
Specify a PKI domain for the
3.
SSL client policy.
4.
Specify the preferred cipher
suite for the SSL client policy.
5.
Specify the SSL protocol
version for the SSL client
policy.
6.
Enable certificate-based SSL
server authentication.
NOTE:
If you enable client authentication on the server, you must request a local certificate for the client.
Displaying and maintaining SSL
To do...
Display SSL server policy
information
Display SSL client policy
information
Command...
system-view
ssl client-policy policy-name
pki-domain domain-name
prefer-cipher { rsa_3des_ede_cbc_sha
| rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha | rsa_rc4_128_md5
| rsa_rc4_128_sha }
version { ssl3.0 | tls1.0 }
server-verify enable
Command...
display ssl server-policy { policy-name
| all } [ | { begin | exclude | include }
regular-expression ]
display ssl client-policy { policy-name |
all } [ | { begin | exclude | include }
regular-expression ]
343
"Configuring
Remarks
—
Required.
Optional.
No PKI domain is configured
by default.
Optional.
rsa_rc4_128_md5 by
default.
Optional.
TLS 1.0 by default.
Optional.
Enabled by default.
Remarks
Available in any view