HP 6125G Configuration Manual page 228

Step
3. Specify a PKI domain for the
SSL server policy.
4. Specify the cipher suite(s) for
the SSL server policy to
support.
5. Set the handshake timeout
time for the SSL server.
6. Set the SSL connection close
mode.
7. Set the maximum number of
cached sessions and the
caching timeout time.
8. Enable the SSL server to
perform digital
certificate-based
authentication for SSL clients.
9. Enable SSL client weak
authentication.
Command
pki-domain domain-name
ciphersuite
[ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
handshake timeout time
close-mode wait
session { cachesize size | timeout
time } *
client-verify enable
client-verify weaken
218
Remarks
Optional.
By default, no PKI domain is
specified for an SSL server policy.
The SSL server generates a
certificate itself instead of
requesting one from the CA.
After you specify a PKI domain, the
SSL server requests a certificate
through the PKI domain.
If the client requires
certificate-based authentication for
the SSL server, you must use this
command to specify a PKI domain.
For more information about PKI
domain configuration, see
"Configuring PKI."
Optional.
By default, an SSL server policy
supports all cipher suites.
Optional.
3,600 seconds by default.
Optional.
Not wait by default.
Optional.
The defaults are as follows:
•
500 for the maximum number
of cached sessions.
•
3600 seconds for the caching
timeout time.
Optional.
By default, the SSL server does not
require clients to be authenticated.
Optional.
Disabled by default.
This command takes effect only
when the client-verify enable
command is configured.