310
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Create the local RSA key pairs.
[Device] public-key local create rsa
# Retrieve the CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate for Device.
[Device] pki request-certificate domain 1
# Create an SSL server policy named myssl.
[Device] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[Device-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[Device-ssl-server-policy-myssl] client-verify enable
[Device-ssl-server-policy-myssl] quit
# Configure HTTPS service to use SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Enable HTTPS service.
[Device] ip https enable
# Create a local user named usera, and set the password to 12 3 and service type to telnet.
[Device] local-user usera
[Device-luser-usera] password simple 123
[Device-luser-usera] service-type telnet
2. Configure the HTTPS client (Host)
On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar and request a certificate for Host as
prompted.
3. Verify your configuration
Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued by the CA
server. The web interface of the switch should appear. After entering username usera and password 123 ,
you should be able to log in to the web interface to access and manage the switch.
NOTE:
• For more information about PKI configuration commands, see the chapter “PKI
configuration.”
• For more information about the public-key local create rsa command, see
Security Command
Reference
.
• For more information about HTTPS, see
Fundamentals Configuration Guide
.
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
To Next Page
Loading...
Need help?
General