348
Ste
Command
Remarks
9. Enable SSL client weak
authentication.
client-verify weaken
Optional.
Disabled by default.
This command takes effect only
when the client-verify enable
command is configured.
SSL server policy configuration example
Network requirements
As shown in Figure 107, users need to access and control the device through web pages.
For security of the device and to make sure that data is not eavesdropped or tampered with, configure the
device so that users must use HTTPS (Hypertext Transfer Protocol Secure, which uses SSL) to log in to the
web interface of the device.
Figure 107 Network diagram
Configuration considerations
To achieve the goal, perform the following configurations:
• Configure Device to work as the HTTPS server and request a certificate for Device.
• Request a certificate for Host so that Device can authenticate the identity of Host.
• Configure a CA server to issue certificates to Device and Host.
Configuration procedure
In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA server.
Before performing the following configurations, make sure the switch, the host, and the CA server can
reach each other.
1. Configure the HTTPS server (Device):
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN
as ssl.security.com.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
To Next Page
Loading...
Need help?
General