Step 6. Specify the SSL protocol version for the SSL client policy.
Command:
• In non-FIPS mode:
  version { ssl3.0 | tls1.0 | tls1.1 | tls1.2 }
• In FIPS mode:
  version { tls1.0 | tls1.1 | tls1.2 }
Remarks: By default, an SSL client policy uses TLS 1.0. As a best practice to ensure security, do not specify SSL 3.0 for the SSL client policy.

Step 7. Enable the SSL client to authenticate servers through digital certificates.
Command: server-verify enable
Remarks: By default, SSL server authentication is enabled.

Displaying and maintaining SSL

Execute display commands in any view.

Task: Display cryptographic library version information.
Command: display crypto version

Task: Display SSL server policy information.
Command: display ssl server-policy [ policy-name ]

Task: Display SSL client policy information.
Command: display ssl client-policy [ policy-name ]

SSL server policy configuration example

Network requirements

As shown in Figure 76, users need to access and control the device through the Web interface.

To protect the device and prevent data from being eavesdropped or tampered with, configure the device to be accessible to users through HTTPS only.

In this example, the CA server runs Windows Server and has the SCEP plug-in installed.

Figure 76 Network diagram

Configuration considerations

To meet the network requirements, perform the following tasks:
• Configure the device as the HTTPS server and request a server certificate for the device. For more information about HTTPS, see Fundamentals Configuration Guide.
• Request a client certificate for the host so that the device can authenticate the identity of the host.
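The defaults given for the SSL client policy (TLS 1.0 when no version is specified, server authentication enabled unless turned off) can be checked offline against a saved configuration. The following is an added example, not part of the original guide or vendor tooling: the function name, the sample configuration, and the assumed layout of the saved configuration (an `ssl client-policy` header, indented commands, `undo server-verify enable` for the disabled state) are assumptions.

```python
import re

WEAK = {"ssl3.0": "SSL 3.0 specified; the guide advises against it",
        "tls1.0": "TLS 1.0 in effect; deprecated by RFC 8996",
        "tls1.1": "TLS 1.1 in effect; deprecated by RFC 8996"}
DEFAULT_VERSION = "tls1.0"  # default stated in the Remarks for step 6

# Constructed sample configuration, not taken from the page or a real device.
SAMPLE_CONFIG = """\
ssl client-policy legacy
 version ssl3.0
#
ssl client-policy unpinned
 pki-domain lab
#
ssl client-policy noverify
 version tls1.2
 undo server-verify enable
#
ssl client-policy good
 version tls1.2
 server-verify enable
#
"""

def audit_client_policies(config_text):
    """Return {policy: {"version", "verify", "findings"}} for each client policy."""
    policies, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"ssl client-policy (\S+)\s*$", line)
        if header:
            # A policy starts from the documented defaults until overridden.
            current = policies.setdefault(
                header.group(1), {"version": DEFAULT_VERSION, "verify": True})
        elif not line.startswith(" "):
            current = None  # any unindented line ends the policy view
        elif current is not None:
            words = line.split()
            if len(words) == 2 and words[0] == "version":
                current["version"] = words[1]
            elif words[-2:] == ["server-verify", "enable"]:
                current["verify"] = words[0] != "undo"
    for state in policies.values():
        state["findings"] = [WEAK[state["version"]]] if state["version"] in WEAK else []
        if not state["verify"]:
            state["findings"].append("server certificate verification disabled")
    return policies

if __name__ == "__main__":
    for name, state in audit_client_policies(SAMPLE_CONFIG).items():
        print(name, state["version"], state["findings"] or "ok")
```

A policy with no `version` line is reported with the default TLS 1.0, which is why an unpinned policy still produces a finding.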