311
Configuration prerequisites
If the SSL server is configured to authenticate the SSL client, you must configure the PKI domain for the SSL
client policy to use to obtain the certificate of the client. For more information about PKI domain
configuration, see the chapter “PKI configuration.”
Configuration procedure
Follow these steps to configure an SSL client policy:
To do… Use the command…
Remarks
Enter system view system-view —
Create an SSL client policy and
enter its view
ssl client-policy
policy-name Required
Specify a PKI domain for the SSL
client policy
pki-domain domain-name
Optional
No PKI domain is configured by
default.
Specify the preferred cipher suite
for the SSL client policy
prefer-cipher
{ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
Optional
rsa_rc4_128_md5 by default
Specify the SSL protocol version for
the SSL client policy
version { ssl3.0 | tls1.0 }
Optional
TLS 1.0 by default
Enable certificate-based SSL server
authentication
server-verify enable
Optional
Enabled by default
NOTE:
If you enable client authentication on the server, you must request a local certificate for the client.
Displaying and maintaining SSL
To do… Use the command… Remarks
Display SSL server policy
information
display ssl server-policy
{ policy-name | all } [ | { begin |
exclude | include }
regular-expression ]
Available in any view
Display SSL client policy
information
display ssl client-policy
{ policy-name | all } [ | { begin |
exclude | include }
regular-expression ]
To Next Page
Loading...
Need help?
General