Step
3.
Specify a PKI domain for the
SSL client policy.
4.
Specify the preferred cipher
suite for the SSL client policy.
5.
Specify the SSL protocol
version for the SSL client
policy.
6.
Enable the SSL client to
perform certificate-based
authentication for the SSL
server.
Displaying and maintaining SSL
Task
Display SSL server policy
information.
Display SSL client policy
information.
Troubleshooting SSL
Symptom
As the SSL server, the switch fails to handshake with the SSL client.
Command
pki-domain domain-name
prefer-cipher
{ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
version { ssl3.0 | tls1.0 }
server-verify enable
Command
display ssl server-policy
{ policy-name | all } [ | { begin |
exclude | include }
regular-expression ]
display ssl client-policy
{ policy-name | all } [ | { begin |
exclude | include }
regular-expression ]
221
Remarks
Optional.
No PKI domain is configured by
default.
After you specify a PKI domain, the
SSL client requests a certificate
through the PKI domain.
If the SSL server requires
certificate-based authentication for
SSL clients, you must use this
command to specify a PKI domain
for the client.
For more information about PKI
domain configuration, see
"Configuring
PKI."
Optional.
rsa_rc4_128_md5 by default.
Optional.
TLS 1.0 by default.
Optional.
Enabled by default.
Remarks
Available in any view
Available in any view