User Guide
Chapter 4 Configuring the domain 141
Nortel Secure Network Access Switch 4050 User Guide
cachain <certificate
index list>
Specifies the CA certificate chain of the server
certificate.
•
certificate index list is a
comma-separated list of the certificate index
numbers assigned to the certificates in the chain.
The chain starts with the issuing CA certificate of
the server certificate and can range up to the root
CA certificate.
The command explicitly constructs the server
certificate chain. The chain and the server certificate
are sent to the browser.
To clear all specified chain certificates, press Enter at
the prompt to enter the certificate numbers. At the
prompt to confirm that you want to clear the list, enter
yes.
Note: The SSL server can use chain certificates only if
the protocol version is set to ssl3 or ssl23 (see
/cfg/domain #/server/ssl/protocol).
protocol
ssl2|ssl3|ssl23|tls1
Specifies the protocol to use when establishing an SSL
session with a client. Valid options are:
•
ssl2 — accept SSL 2.0 only
•
ssl3 — accept SSL 3.0 and TLS 1.0
•
ssl23 — accept SSL 2.0, SSL 3.0, and TLS 1.0
• tls1 — accept TLS 1.0 only
The default value is
ssl3.
verify none|optional|
required
Specifies the level of client authentication to use when
establishing an SSL session. Valid options are:
•
none — no client certificate is required
•
optional — a client certificate is requested, but
the client need not present one
•
required — a client certificate is required
The default value is
none.
Not supported in Nortel Secure Network Access Switch
Software Release 1.0.
ciphers <cipher list>
Specifies the cipher preference list.
• cipher list is an expression that consists of
cipher strings separated by colons. The default
cipher list is
ALL@STRENGTH.
For more information about cipher lists, see “Supported
ciphers” on page 881.
/cfg/domain #/server/ssl
followed by: