Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a PKI entity and a PKI domain.
2. Configure a server SSL policy.
3. Configure the Router as an HTTPS server.
Data Preparation
To complete the configuration, you need the following data:
l Router's interface connected to the Internet: Ethernet1/0/0
l IP address of Ethernet1/0/0: 11.1.1.1/24
l IP address of the CA: 11.137.145.158/24
l PKI parameters, as shown in the following table.
Item Data
PKI entity PKI entity name: users
l Entity's common name: hello
l Entity's country code: CN
l Entity's province name: jiangsu
l Entity's organization name: huawei
l Entity's department name: info
PKI domain
PKI domain name: users
l Trusted CA: ca_root
l Certificate's enrollment URL: http://
11.137.145.158:8080/certsrv/mscep/mscep.dll ra
l Bound PKI entity: users
l CA's fingerprint algorithm: secure hash algorithm
(SHA)
Fingerprint:
7bb05ada0482273388ed4ec228d79f77309ea3f4
l SSL parameters, as shown in the following table.
Policy Name
Maximum Number of
Sessions
Session Timeout Period
sslserver 40 7200s
l HTTPS service port number: 1278
NOTE
Before starting the configuration, ensure that routes between the Router, user hosts, and CA are reachable.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 11 SSL Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
225
To Next Page
Loading...
Need help?
General
