H3C LS-3100-52P-OVS-H3 Operation Manual - page 1504
1-5
[Device] pki domain 1
[Device-pki-domain-1] ca identifier ca1
[Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Create the local RSA key pairs.
[Device] public-key local create rsa
# Retrieve the CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate.
[Device] pki request-certificate domain 1
2) Configure an SSL server policy
# Create an SSL server policy named myssl.
[Device] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[Device-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[Device-ssl-server-policy-myssl] client-verify enable
[Device-ssl-server-policy-myssl] quit
3) Associate HTTPS service with the SSL server policy and enable HTTPS service
# Configure HTTPS service to use SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Enable HTTPS service.
[Device] ip https enable
4) Verify your configuration
Launch IE on the host and enter https://10.1.1.1 in the address bar. You should be able to log in to
Device and manage it.
z
For details about PKI configuration commands, refer to PKI Commands in the Security Volume.
z
For details about the public-key local create rsa command, refer to Public Key Commands in the
Security Volume.
z
For details about HTTPS, refer to HTTP Configuration in the System Volume.
Configuring an SSL Client Policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.