Configuring An Ssl Server Policy - HP 4800G Series Configuration Manual

Configuring an SSL Server Policy

An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server
policy takes effect only after it is associated with an application layer protocol, HTTP protocol, for
example.
Configuration Prerequisites
When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the
server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI
domain. For details about PKI domain configuration, refer to PKI Configuration in the Security Volume.
Configuration Procedure
Follow these steps to configure an SSL server policy:
To do...
Enter system view
Create an SSL server policy
and enter its view
Specify a PKI domain for the
SSL server policy
Specify the cipher suite(s) for
the SSL server policy to
support
Set the handshake timeout time
for the SSL server
Configure the SSL connection
close mode
Set the maximum number of
cached sessions and the
caching timeout time
Enable certificate-based SSL
client authentication
Use the command...
system-view
ssl server-policy policy-name
pki-domain domain-name
ciphersuite
[ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
handshake timeout time
close-mode wait
session { cachesize size |
timeout time } *
client-verify enable
1-3
Remarks
—
Required
Required
By default, no PKI domain is
specified for an SSL server
policy.
Optional
By default, an SSL server
policy supports all cipher
suites.
Optional
3,600 seconds by default
Optional
Not wait by default
Optional
The defaults are as follows:
500 for the maximum number
of cached sessions,
3600 seconds for the caching
timeout time.
Optional
Not enabled by default