H3C WA Series Fundamentals Configuration Manual page 108

Wlan access points

[Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Generate a local RSA key pair.
[Device] public-key local create rsa
# Retrieve a CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate for Device.
[Device] pki request-certificate domain 1
# Configure an SSL server policy myssl, specify PKI domain 1 for it, and enable the SSL server to perform certificate-based authentication of the client.
[Device] ssl server-policy myssl
[Device-ssl-server-policy-myssl] pki-domain 1
[Device-ssl-server-policy-myssl] client-verify enable
[Device-ssl-server-policy-myssl] quit
# Configure certificate attribute group mygroup1, and configure the attribute rules, specifying that the Distinguished Name (DN) in the issuer name includes new-ca.
[Device] pki certificate attribute-group mygroup1
[Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca
[Device-pki-cert-attribute-group-mygroup1] quit
# Create certificate access control policy myacp and create a control rule, specifying that a certificate is considered valid when it matches the attribute rule in certificate attribute group mygroup1.
[Device] pki certificate access-control-policy myacp
[Device-pki-cert-acp-myacp] rule 1 permit mygroup1
[Device-pki-cert-acp-myacp] quit
# Associate the HTTPS service with the SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute access control policy myacp, ensuring that only HTTPS clients that have obtained a certificate from new-ca can access the HTTPS server.
[Device] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Device] ip https enable
# Create a local user usera, set the password to 123, and set the service type to telnet.
[Device] local-user usera
[Device-luser-usera] password simple 123
[Device-luser-usera] service-type telnet
2) Configure the HTTPS client Host
Open Internet Explorer on Host, enter http://10.1.2.2/certsrv, and request a certificate for Host as prompted.
3) Verify the configuration
Open Internet Explorer on Host, enter https://10.1.1.1, and select the certificate issued by new-ca for Host; you can then log in to Device. On the login page, enter username usera and password 123 to reach the Web configuration page of Device, where you can access and control it.
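
The attribute rule and access control policy from the Device configuration above, modelled as an added Python example (not H3C code and not part of the manual) to show which issuer DNs a "contains" rule accepts. The issuer DN strings are constructed, the helper names are hypothetical, and refusing a certificate that matches no rule is an assumption drawn from the manual's statement that only clients with a certificate from new-ca get access.

```python
# Added illustration, not H3C code. Models the page's attribute group and
# access control policy so candidate issuer DNs can be checked offline.

# name -> attribute rules, mirroring "attribute 1 issuer-name dn ctn new-ca"
GROUPS = {"mygroup1": [("issuer-name", "ctn", "new-ca")]}
# ordered (action, group) pairs, mirroring "rule 1 permit mygroup1"
POLICY = [("permit", "mygroup1")]
# "ctn" = contains; Python's substring test is case-sensitive, and the page
# does not say how the device treats case.
OPS = {"ctn": lambda have, want: want in have}

def group_matches(cert, group):
    """True when the certificate satisfies every attribute rule in the group."""
    return all(OPS[op](cert.get(field, ""), want)
               for field, op, want in GROUPS[group])

def evaluate(cert, policy=POLICY):
    """Return the action of the first rule whose group matches the certificate."""
    for action, group in policy:
        if group_matches(cert, group):
            return action
    return "deny"  # assumption: no matching rule means the certificate is refused

def common_name(dn):
    """Extract CN from a simple comma-separated DN (no escaped commas)."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key.upper() == "CN":
            return value
    return ""

def loose_matches(issuer_dns, ca_name="new-ca"):
    """Issuer DNs the policy permits although their CN is not exactly ca_name."""
    return [dn for dn in issuer_dns
            if evaluate({"issuer-name": dn}) == "permit"
            and common_name(dn) != ca_name]

# Constructed issuer DNs for the demonstration.
SAMPLE_ISSUERS = [
    "CN=new-ca,O=example",
    "CN=old-ca,O=example",
    "CN=new-ca-lab,O=example",
    "CN=root,OU=new-ca,O=example",
]

if __name__ == "__main__":
    for dn in SAMPLE_ISSUERS:
        print(f"{evaluate({'issuer-name': dn}):6} {dn}")
    print("permitted without an exact CN match:", loose_matches(SAMPLE_ISSUERS))
```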