309
SSL server policy configuration example
Network requirements
As shown in Figure 118, users need to access and control the device through web pages.
For security of the device and to make sure that data is not eavesdropped or tampered with, configure the
device so that users must use HTTPS (Hypertext Transfer Protocol Secure, which uses SSL) to log in to the
web interface of the device.
Figure 118 Network diagram
10.1.1.1/24
10.1.2.1/24
Host CA
10.1.1.2/24 10.1.2.2/24
Device
Configuration considerations
To achieve the goal, perform the following configurations:
• Configure Device to work as the HTTPS server and request a certificate for Device.
• Request a certificate for Host so that Device can authenticate the identity of Host.
• Configure a CA server to issue certificates to Device and Host.
Configuration procedure
NOTE:
• In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA server.
• Before performing the following configurations, make sure that the switch, the host, and the CA server
can reach each other.
1. Configure the HTTPS server (Device)
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN as
ssl.security.com.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as
http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the entity for
certificate request as en.
[Device] pki domain 1
[Device-pki-domain-1] ca identifier ca server
[Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
To Next Page
Loading...
Need help?
General