Configuration Prerequisites

Before configuring an SSL client policy, you must configure a PKI domain. For
details about PKI domain configuration, refer to "Configuring a PKI Domain" on
page 1223.

Configuration Procedure

Follow these steps to configure an SSL client policy:

To do...                        Use the command...                Remarks

Enter system view               system-view                       -

Create an SSL client policy     ssl client-policy policy-name     Required
and enter its view

Specify a PKI domain for the    pki-domain domain-name            Required
SSL client policy                                                 No PKI domain is configured
                                                                  by default.

Specify the preferred cipher    prefer-cipher                     Optional
suite for the SSL client policy { rsa_aes_128_cbc_sha |           rsa_rc4_128_md5 by default
                                rsa_des_cbc_sha |
                                rsa_rc4_128_md5 |
                                rsa_rc4_128_sha }

Specify the SSL protocol        version { ssl3.0 | tls1.0 }       Optional
version for the SSL client                                        TLS 1.0 by default
policy

Note: If you enable client authentication on the server, you must request a local
certificate for the client.

Displaying and Maintaining SSL

To do...                        Use the command...                Remarks

Display SSL server policy       display ssl server-policy         Available in any
information                     { policy-name | all }             view

Display SSL client policy       display ssl client-policy         Available in any
information                     { policy-name | all }             view

Troubleshooting SSL

SSL Handshake Failure

Symptom

As the SSL server, the device fails to handshake with the SSL client.

Analysis

SSL handshake failure may result from the following causes:

■ No SSL server certificate exists, or the certificate is not trusted.
■ The server is expected to authenticate the client, but the SSL client has no
  certificate or the certificate is not trusted.
■ The cipher suites used by the server and the client do not match.

Solution

1 You can issue the debugging ssl command and view the debugging information
  to locate the problem:
2 If the SSL server has no certificate, request one for it.
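
A worked run of the SSL client policy procedure, shown with the default cipher suite next to a stronger choice. This is an added example, not taken from the manual. The names policy1 and domain1 are hypothetical, and domain1 is assumed to be a PKI domain that has already been configured.

```text
# Added example. Lines starting with "#" are annotations, not commands.
# "policy1" and "domain1" are hypothetical names; domain1 stands for a
# PKI domain that already exists on the device.

system-view
ssl client-policy policy1
pki-domain domain1

# Weak: what the policy uses when the two optional commands are omitted
# (defaults per the Remarks column: rsa_rc4_128_md5, TLS 1.0).
#   prefer-cipher rsa_rc4_128_md5
#   version tls1.0

# Stronger: the only suite of the four that uses neither RC4 nor
# single DES, with the newer of the two protocol versions offered.
prefer-cipher rsa_aes_128_cbc_sha
version tls1.0

# Check what the policy now holds (display commands work in any view).
display ssl client-policy policy1
```

If the server does not accept rsa_aes_128_cbc_sha, the handshake fails with the cipher suite mismatch listed under Analysis. In that case, align the server's suites rather than falling back to an RC4 or DES suite.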