Ssl Server Policy Configuration Example - H3C S3100 Series Operation Manual

If you enable client authentication here, you must request a local certificate for the client.
Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0
corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clients
running SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a client
running SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carried
in the packet that the client sends to the server), the server will notify the client to use SSL 3.0 or
TLS 1.0 to communicate with the server.

SSL Server Policy Configuration Example

Network requirements
The switch offers Web authentication to preform access authentication for clients.
The client opens the authentication page in SSL-based HTTPS mode, thus guaranteeing
information transmission security.
A CA issues a certificate to Switch.
In this instance, Windows Server works as the CA and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA.
Figure 1-3 Network diagram for SSL server policy configuration
Configuration procedure
1) Request a certificate for Switch
# Create a PKI entity named en and configure it.
<Switch> system-view
[Switch] pki entity en
[Switch-pki-entity-en] common-name http-server1
[Switch-pki-entity-en] fqdn ssl.security.com
1-4