F3215-HP Load Balancing Module Security Configuration Guide-6PW101
112
# Specify the PKI domain for the SSL server policy as 1.
[LB-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[LB-ssl-server-policy-myssl] client-verify enable
[LB-ssl-server-policy-myssl] quit
# Configure HTTPS service to use SSL server policy myssl.
[LB] ip https ssl-server-policy myssl
# Enable HTTPS service.
[LB] ip https enable
# Create a local user named usera, and set the password to 123, user privilege level to 3, and
service type to web.
[LB] local-user usera
[LB-luser-usera] password simple 123
[LB-luser-usera] authorization-attribute level 3
[LB-luser-usera] service-type web
2. Configure the HTTPS client on Host:
On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar and request a certificate for
Host as prompted.
3. Verify your configuration:
Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued
by the CA server. The Web interface of LB module should appear. After entering username usera
and password 123, you should be able to log in to the Web interface to access and manage LB
module.
For more information about Configuring PKI commands, see "Configuring PKI." For more information
about the public-key local create rsa command, see Security Command Reference. For more information
about HTTPS, see System Management Configuration Guide.
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
To configure an SSL client policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create an SSL client policy
and enter its view.
ssl client-policy policy-name N/A