Table of Contents
Advertisement
If you enable client authentication here, you must request a local certificate for the client.
Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0
corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clients
running SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a client
running SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carried
in the packet that the client sends to the server), the server will notify the client to use SSL 3.0 or
TLS 1.0 to communicate with the server.
SSL Server Policy Configuration Example
Network requirements
Device works as the HTTPS server.
A host works as the client and accesses the HTTPS server through HTTP secured with SSL.
A certificate authority (CA) issues a certificate to Device.
In this instance, Windows Server works as the CA and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA.
Figure 1-3 Network diagram for SSL server policy configuration
Configuration procedure
1)
Request a certificate for Device
# Create a PKI entity named en and configure it.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
1-4
Advertisement
Chapters
Table of Contents
Troubleshooting
