HP VPN Firewall Appliances Network Management Configuration Guide

| Step | Command | Remarks |
|---|---|---|
| 8. Configure the server to require certificate-based SSL client authentication. | client-verify enable | Optional. By default, the SSL server does not require the client to be authenticated. |
| 9. Enable SSL client weak authentication. | client-verify weaken | Optional. Disabled by default. This command takes effect only when the client-verify enable command is configured. |
NOTE:
Only TLS 1.0 is supported in FIPS mode.
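The dependency between steps 8 and 9 can be checked offline against a saved configuration. The following Python code is an added example, not part of the HP guide: it assumes the configuration text uses indented ssl server-policy blocks in the style of display current-configuration output, and the policy names and pki-domain name in the sample are constructed.

```python
import re

# Constructed sample (display current-configuration style); all names are made up.
SAMPLE_CONFIG = """\
#
ssl server-policy web-strict
 pki-domain 1
 client-verify enable
#
ssl server-policy web-weak
 client-verify enable
 client-verify weaken
#
ssl server-policy web-orphan
 client-verify weaken
#
ssl server-policy web-default
 pki-domain 1
#
"""

def audit_client_verify(config_text):
    """Return {policy name: finding} for every SSL server policy block."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        header = re.match(r"^ssl server-policy (\S+)\s*$", raw)
        if header:
            current = policies.setdefault(header.group(1), set())
        elif raw[:1] in (" ", "\t") and current is not None:
            current.add(" ".join(raw.split()))   # normalise spacing
        else:
            current = None                        # "#" or another view ends the block
    findings = {}
    for name, cmds in policies.items():
        enable = "client-verify enable" in cmds
        weaken = "client-verify weaken" in cmds
        if enable and weaken:
            findings[name] = "weak client authentication in effect"
        elif enable:
            findings[name] = "client certificate required"
        elif weaken:
            findings[name] = "weaken has no effect: client-verify enable missing"
        else:
            findings[name] = "client not authenticated (default)"
    return findings

if __name__ == "__main__":
    for policy, finding in audit_client_verify(SAMPLE_CONFIG).items():
        print(f"{policy}: {finding}")
```
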
HTTPS login using CA certificate configuration example
Network requirements
As shown in Figure 418, configure the firewall as the HTTPS server that uses an SSL server policy to protect
Web login. The firewall and the host obtain certificates from the CA server for identity authentication.
Figure 418 Network diagram
Configuration procedure
In this example, the CA server runs Windows Server and has the SCEP plug-in installed.
Before performing the following configurations, make sure the firewall, the host, and the CA server can
reach each other.
1. Configure the HTTPS server on the firewall:
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN
as ssl.security.com.
<Firewall> system-view
[Firewall] pki entity en
[Firewall-pki-entity-en] common-name http-server1