Configuring An Ssl Client Policy - HP FlexFabric 5930 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5930 Series:
- Configuration manuals (467 pages) ,
- Command reference manual (87 pages) ,
- Installation manual (73 pages)
Table of Contents
Advertisement
Step
3.
(Optional.) Specify a PKI
domain for the SSL server policy.
4.
Specify the cipher suites that the
SSL server policy supports.
5.
Set the maximum number of
sessions that the SSL server can
cache.
6.
Enable the SSL server to
authenticate SSL clients through
digital certificate.
Configuring an SSL client policy
An SSL client policy comprises a set of SSL parameters that the client uses to establish a connection to the
server. An SSL client policy takes effect only after it is associated with an application such as the DDNS.
To configure an SSL client policy:
Step
1.
Enter system view.
2.
Create an SSL client policy and
enter its view.
Command
pki-domain domain-name
ciphersuite
{ dhe_rsa_aes_128_cbc_sha |
exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 |
exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha } *
session cachesize size
client-verify enable
Command
system-view
ssl client-policy policy-name
140
Remarks
By default, no PKI domain is
specified for an SSL server
policy.
If SSL clients authenticate the
server through a digital
certificate, you must use this
command to specify a PKI
domain and request a local
certificate for the SSL server
through the PKI domain.
For information about how to
create and configure a PKI
domain, see
"Configuring
By default, an SSL server policy
supports all cipher suites.
By default, an SSL server can
cache 500 sessions at most.
The default setting is disabled.
Remarks
N/A
By default, no SSL client policy
exists on the device.
PKI."
Advertisement
Table of Contents
Troubleshooting
