Configuring HTTPS login
Step
1.
Enter system view.
2.
Configure PKI and
SSL related features.
3.
Associate the HTTPS
service with an SSL
server policy.
4.
Enable the HTTPS
service.
Command
system-view
—
ip https ssl-server-policy
policy-name
ip https enable
66
Remarks
—
Required
By default, PKI and SSL are not configured.
•
For more information about PKI, see Security
Configuration Guide.
•
For more information about SSL, see Security
Configuration Guide.
Required
By default, the HTTPS service is not associated with
any SSL server policy.
•
If you disable the HTTPS service, the system
automatically de-associates the HTTPS service from
the SSL service policy. Before re-enabling the
HTTPS service, associate the HTTPS service with an
SSL server policy first.
•
Any changes to the SSL server policy associated
with the HTTP service that is enabled do not take
effect.
Required
Disabled by default.
Enabling the HTTPS service triggers an SSL handshake
negotiation process. During the process:
•
If the local certificate of the device exists, the SSL
negotiation succeeds, and the HTTPS service can
be started normally.
•
If no local certificate exists, a certificate application
process is triggered by the SSL negotiation.
Because the application process takes much time, the
SSL negotiation often fails and the HTTPS service
cannot be started normally. In that case, you must run
ip https enable multiple times to start the HTTPS
service.