Ssl Server Policy Configuration Example - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
Step
9.
Enable SSL client weak
authentication.
SSL server policy configuration example
Network requirements
As shown in
For security of the device and to make sure that data is not eavesdropped or tampered with, configure the
device so that users must use HTTPS (Hypertext Transfer Protocol Secure, which uses SSL) to log in to the
web interface of the device.
Figure 107 Network diagram
Configuration considerations
To achieve the goal, perform the following configurations:
Configure Device to work as the HTTPS server and request a certificate for Device.
•
•
Request a certificate for Host so that Device can authenticate the identity of Host.
Configure a CA server to issue certificates to Device and Host.
•
Configuration procedure
In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA server.
Before performing the following configurations, make sure the switch, the host, and the CA server can
reach each other.
1.
Configure the HTTPS server (Device):
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN
as ssl.security.com.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
Figure
107, users need to access and control the device through web pages.
Command
client-verify weaken
348
Remarks
Optional.
Disabled by default.
This command takes effect only
when the client-verify enable
command is configured.
Advertisement
Table of Contents
Troubleshooting
