Client-Verify - HP FlexNetwork MSR Series Command Reference Manual

Examples
# Configure SSL server policy policy1 to support the following cipher suites:
•
Key exchange algorithm DHE RSA, data encryption algorithm 128-bit AES, and MAC algorithm
SHA.
•
Key exchange algorithm RSA, data encryption algorithm 128-bit AES, and MAC algorithm SHA.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite dhe_rsa_aes_128_cbc_sha
rsa_aes_128_cbc_sha
Related commands
display ssl server-policy
prefer-cipher

client-verify

Use client-verify to enable mandatory or optional SSL client authentication.
Use undo client-verify to restore the default.
Syntax
client-verify { enable | optional }
undo client-verify [ enable ]
Default
SSL client authentication is disabled. The SSL server does not authenticate SSL clients based on
digital certificates.
Views
SSL server policy view
Predefined user roles
network-admin
Parameters
enable: Enables mandatory SSL client authentication.
optional: Enables optional SSL client authentication.
Usage guidelines
SSL uses digital certificates to authenticate communicating parties. For more information about
digital certificates, see Security Configuration Guide.
Mandatory SSL client authentication—The SSL server requires an SSL client to submit its digital
certificate for identity authentication. The SSL client can access the SSL server only after it passes
identity authentication.
Optional SSL client authentication—The SSL server does not require an SSL client to submit its
digital certificate for identity authentication.
•
If an SSL client submits its certificate to the SSL server, the server authenticates the client
identity. The client must pass authentication to access the server.
•
If an SSL client does not submit its certificate to the SSL server, the server does not
authenticate the client identity. The client can access the SSL server without authentication.
646