Table of Contents
Advertisement
[Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca
[Device-pki-cert-attribute-group-mygroup1] quit
# Create a certificate attribute-based access control policy myacp. Configure a certificate
attribute-based access control rule, specifying that a certificate is considered valid when it
matches an attribute rule in certificate attribute group myacp.
[Device] pki certificate access-control-policy myacp
[Device-pki-cert-acp-myacp] rule 1 permit mygroup1
[Device-pki-cert-acp-myacp] quit
# Associate the HTTPS service with SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute-based access control policy myacp.
[Device] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Device] ip https enable
# Create a local user named usera, set the password to 123, specify the Web service type, and
specify the user privilege level 3. A level-3 user can perform all operations supported by the
device.
[Device] local-user usera
[Device-luser-usera] password simple 123
[Device-luser-usera] service-type web
[Device-luser-usera] authorization-attribute level 3
2.
Configure the host (HTTPS client):
On the host, run the IE browser, and then enter http://10.1.2.2/certsrv in the address bar and
request a certificate for the host as prompted.
3.
Verify the configuration:
Enter https://10.1.1.1 in the address bar, and select the certificate issued by new-ca. When the
Web login page of the device appears, enter the username usera and password 123 to log in to
the Web management page.
For more information about PKI configuration commands, SSL configuration commands, and the
public-key local create rsa command, see Security Command Reference.
55
Advertisement
Table of Contents
