client-verify enable
Syntax
client-verify enable
undo client-verify enable
View
SSL server policy view
Default level
2: System level
Parameters
None
Description
Use the client-verify enable command to configure the SSL server to require the client to pass
certificate-based authentication.
Use the undo client-verify enable command to restore the default.
By default, the SSL server does not require certificate-based SSL client authentication.
If you configure the client-verify enable command and enable the SSL client weak authentication function,
whether the client must be authenticated is up to the client. If the client chooses to be authenticated, the
client must pass authentication before accessing the SSL server; otherwise, the client can access the SSL
server without authentication.
If you configure the client-verify enable command but disable the SSL client weak authentication function,
the SSL client must pass authentication before accessing the SSL server.
Related commands: client-verify weaken and display ssl server-policy.
Examples
# Configure the SSL server to require certificate-based SSL client authentication.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] client-verify enable
client-verify weaken
Syntax
client-verify weaken
undo client-verify weaken
View
SSL server policy view
Default level
2: System level
Parameters
None
279