Configuring An Ssl Client Policy - H3C S5500-SI Series Operation Manual

[Device] pki domain 1
[Device-pki-domain-1] ca identifier ca1
[Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Create the local RSA key pairs.
[Device] public-key local create rsa
# Retrieve the CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate.
[Device] pki request-certificate domain 1
2) Configure an SSL server policy
# Create an SSL server policy named myssl.
[Device] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[Device-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[Device-ssl-server-policy-myssl] client-verify enable
[Device-ssl-server-policy-myssl] quit
3) Associate HTTPS service with the SSL server policy and enable HTTPS service
# Configure HTTPS service to use SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Enable HTTPS service.
[Device] ip https enable
4) Verify your configuration
Launch IE on the host and enter https://10.1.1.1 in the address bar. You should be able to log in to
Device and manage it.
For details about PKI configuration commands, refer to PKI Commands in the Security Volume.
For details about the public-key local create rsa command, refer to Public Key Commands in the
Security Volume.
For details about HTTPS, refer to HTTP Configuration in the System Volume.

Configuring an SSL Client Policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
1-5