Ssl Server Policy Configuration Example - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
Step
8.
Enable the SSL server to
perform digital
certificate-based
authentication for SSL clients.
9.
Enable SSL client weak
authentication.
SSL server policy configuration example
Network requirements
As shown in
For security of the device and to make sure that data is not eavesdropped or tampered with, configure the
device so that users must use HTTPS (Hypertext Transfer Protocol Secure, which uses SSL) to log in to the
web interface of the device.
Figure 108 Network diagram
Configuration considerations
To achieve the goal, perform the following configurations:
Configure Device to work as the HTTPS server and request a certificate for Device.
•
Request a certificate for Host so that Device can authenticate the identity of Host.
•
•
Configure a CA server to issue certificates to Device and Host.
Configuration procedure
In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA server.
Before performing the following configurations, make sure the switch, the host, and the CA server can
reach each other.
1.
Configure the HTTPS server (Device):
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN
as ssl.security.com.
<Device> system-view
[Device] pki entity en
Figure
108, users need to access and control the device through web pages.
Command
client-verify enable
client-verify weaken
345
Remarks
Optional.
By default, the SSL server does not
require clients to be authenticated.
Optional.
Disabled by default.
This command takes effect only
when the client-verify enable
command is configured.
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
