Applicable Environment
The SSL protocol uses data encryption, identity authentication, and message integrity checks to
secure TCP-based application layer protocols. To use an AR1200-S as an SSL server,
configure a server SSL policy on the AR1200-S. A server SSL policy can be applied to
application layer protocols such as HTTP to provide secure connections.
Figure 11-2 AR1200-S functions as an SSL server
[Diagram: SSL client, Internet, SSL server]
As shown in Figure 11-2, the AR1200-S functions as an SSL server and has a server SSL policy
configured. During an SSL handshake, the AR1200-S uses the SSL parameters in the server SSL
policy to negotiate session parameters with an SSL client. After the handshake is complete, the
AR1200-S establishes a session with the client.
The AR1200-S is authenticated by the SSL client, but it cannot authenticate the client.
NOTE
When functioning as an SSL server, the AR1200-S can communicate with SSL clients running SSL 3.0, TLS 1.0,
or TLS 1.1. The AR1200-S determines the SSL protocol version used for this communication and sends a Server
Hello message to notify the client.
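The Server Hello described in the note carries the version the AR1200-S selected, so parsing it is a direct way to audit what a session actually negotiated; all three versions listed above are deprecated (SSL 3.0 by RFC 7568, TLS 1.0 and TLS 1.1 by RFC 8996), and the parser flags them. This Python parser is an added example, not part of the Huawei guide: the function names are hypothetical, and the sample record (zero random, session ID, cipher suite 0x002F) is constructed, not captured from a device.

```python
import struct

# Versions the page lists for the AR1200-S server, plus TLS 1.2 for comparison.
# SSL 3.0 is deprecated by RFC 7568; TLS 1.0 and TLS 1.1 by RFC 8996.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
DEPRECATED = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}


def parse_server_hello(record: bytes) -> dict:
    """Parse one SSL/TLS record holding a ServerHello; return the negotiated parameters."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rmaj, _rmin, rlen = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen:      # 22 = handshake content type
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 2:         # 2 = server_hello message type
        raise ValueError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # Minimum body: 2 version + 32 random + 1 sid length + 2 suite + 1 compression
    if len(hello) != hlen or hlen < 38:
        raise ValueError("truncated ServerHello")
    major, minor = hello[0], hello[1]
    sid_len = hello[34]
    if sid_len > 32 or len(hello) < 35 + sid_len + 3:
        raise ValueError("bad session_id length")
    suite = int.from_bytes(hello[35 + sid_len:37 + sid_len], "big")
    name = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
    return {
        "version": name,
        "deprecated": name in DEPRECATED,
        "session_id": hello[35:35 + sid_len].hex(),  # empty means not resumable
        "cipher_suite": f"0x{suite:04X}",
    }


def build_sample(minor: int, sid: bytes = b"\xab" * 32) -> bytes:
    """Constructed ServerHello (not a capture): zero random, suite 0x002F, null compression."""
    hello = bytes([3, minor]) + bytes(32) + bytes([len(sid)]) + sid + b"\x00\x2f\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return bytes([22, 3, minor]) + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for minor in (0, 1, 2):                   # the three versions the note lists
        print(parse_server_hello(build_sample(minor)))
```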
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ssl policy policy-name type server
A server SSL policy is created.
Step 3 Run:
pki-realm realm-name
A PKI domain is specified for the server SSL policy.
By default, no PKI domain is specified for a server SSL policy on the AR1200-S.
NOTE
The AR1200-S obtains a digital certificate from a CA in the specified PKI domain. Clients can then authenticate
the AR1200-S by checking the digital certificate.
Step 4 (Optional) Run:
session { cachesize size | timeout time } *
The maximum number of sessions that can be saved and the timeout period of a saved session
are set.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 11 SSL Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.