Ssl Configuration Task List; Configuring An Ssl Server Policy; Configuration Prerequisites; Configuration Procedure - H3C S3610-28P Operation Manual

Operation Manual – SSL-HTTPS
H3C S3610&S5510 Series Ethernet Switches
SSL change cipher spec protocol: Used for notification between a client and the
server that the subsequent packets are to be protected and transmitted based on
the newly negotiated cipher suite and key.
SSL alert protocol: Allowing a client and the server to send alert messages to each
other. An alert message contains the alert severity level and a description.
SSL record protocol: Fragmenting and compressing data to be transmitted,
calculating and adding MAC to the data, and encrypting the data before
transmitting it to the peer end.

1.2 SSL Configuration Task List

Different parameters are required on the SSL server and the SSL client.
Complete the following tasks to configure SSL:

Configuring an SSL Server Policy

Configuring an SSL Client Policy
1.3 Configuring an SSL Server Policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An
SSL server policy takes effect only after it is associated with an application layer
protocol, HTTP protocol, for example.

1.3.1 Configuration Prerequisites

Before configuring an SSL server policy, you must configure a PKI (public key
infrastructure) domain.

1.3.2 Configuration Procedure

Follow these steps to configure an SSL server policy:
Enter system view
Create an SSL server
policy and enter its view
Specify a PKI domain for
the SSL server policy
Task
To do...
system-view
ssl server-policy
policy-name
pki-domain
domain-name
Required
Optional
Use the command...
1-2
Chapter 1 SSL Configuration
Remarks
Remarks
—
Required
Required
By default, no PKI domain
is specified for an SSL
server policy.