Step 6. Specify the SSL protocol version for the SSL client policy.
Command:
• In non-FIPS mode:
  version { ssl3.0 | tls1.0 | tls1.1 | tls1.2 }
• In FIPS mode:
  version { tls1.0 | tls1.1 | tls1.2 }
Remarks: By default, an SSL client policy uses TLS 1.0. To ensure security, do not specify SSL 3.0 for an SSL client policy.

Step 7. Enable the SSL client to authenticate servers through digital certificates.
Command: server-verify enable
Remarks: By default, SSL server authentication is enabled.

Displaying and maintaining SSL

Execute display commands in any view.

Task: Display cryptographic library version information.
Command: display crypto version

Task: Display SSL server policy information.
Command: display ssl server-policy [ policy-name ]

Task: Display SSL client policy information.
Command: display ssl client-policy [ policy-name ]

SSL server policy configuration example

Network requirements

As shown in Figure 110, users need to access and manage the device through the Web interface.
To protect the device and prevent data from being eavesdropped or tampered with, configure the device to be accessible through HTTPS only.
In this example, the CA server runs Windows Server and has the SCEP plug-in installed.

Figure 110 Network diagram (nodes shown: Host, Device, CA; interface addresses shown: 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24, 10.1.2.2/24)

Configuration considerations

To meet the network requirements, perform the following tasks:
• Configure the device as the HTTPS server and request a server certificate for the device. For more information about HTTPS, see Fundamentals Configuration Guide.
• Request a client certificate for the host so that the device can authenticate the identity of the host.
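Returning to steps 6 and 7 of the SSL client policy procedure: the following Python audit is an added example, not part of the original guide. It flags client policies that specify SSL 3.0, that fall back to the TLS 1.0 default because no version command is present, or that have server authentication turned off. The stanza layout (an unindented `ssl client-policy <name>` line followed by indented commands), the `undo server-verify enable` form, the function names and the `minimum` floor are assumptions of this example.

```python
import re

VERSIONS = ["ssl3.0", "tls1.0", "tls1.1", "tls1.2"]  # weakest to strongest, as listed in step 6
DEFAULT_VERSION = "tls1.0"                            # step 6 remark: default is TLS 1.0

def parse_client_policies(config_text):
    """Map each 'ssl client-policy <name>' stanza to its effective settings."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        header = re.fullmatch(r"ssl client-policy (\S+)", raw.rstrip())
        if header:
            current = policies.setdefault(header.group(1), {
                "version": DEFAULT_VERSION, "explicit": False, "verify": True})
        elif current is not None and raw[:1] == " ":
            cmd = raw.split()
            if len(cmd) == 2 and cmd[0] == "version" and cmd[1] in VERSIONS:
                current.update(version=cmd[1], explicit=True)
            elif cmd == ["undo", "server-verify", "enable"]:  # assumed disable form
                current["verify"] = False
        else:
            current = None  # any unindented line ends the stanza
    return policies

def audit(config_text, minimum="tls1.2"):
    """Return {policy: [findings]}; 'minimum' is a site policy choice, not from the guide."""
    report = {}
    for name, p in parse_client_policies(config_text).items():
        issues, origin = [], "configured" if p["explicit"] else "default, no version line"
        if p["version"] == "ssl3.0":
            issues.append("SSL 3.0 configured; the guide says not to specify it")
        elif VERSIONS.index(p["version"]) < VERSIONS.index(minimum):
            issues.append(f"{p['version']} in use ({origin}), below {minimum}")
        if not p["verify"]:
            issues.append("server certificate authentication is disabled")
        report[name] = issues
    return report

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ssl client-policy legacy
 version ssl3.0
 undo server-verify enable
#
ssl client-policy implicit
#
ssl client-policy strict
 version tls1.2
#
"""
```

Calling `audit(SAMPLE)` reports two findings for `legacy`, one for `implicit` (the silent TLS 1.0 default) and none for `strict`.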