F3215-HP Load Balancing Module System Management Configuration Guide-6PW101

| Step | Command | Remarks |
|---|---|---|
| 3. Associate the HTTPS service with an SSL server policy. | `ip https ssl-server-policy policy-name` | Optional. By default, the HTTPS service is not associated with any SSL server policy, and the LB module uses a self-signed certificate for authentication. If you disable the HTTPS service, the system automatically de-associates the HTTPS service from the SSL service policy. Before re-enabling the HTTPS service, associate the HTTPS service with an SSL server policy first. If the HTTPS service has been enabled, any changes to the SSL server policy associated with it do not take effect. |
| 4. Enable the HTTPS service. | `ip https enable` | By default, HTTPS is disabled. Enabling the HTTPS service triggers an SSL handshake negotiation process. During the process, if the local certificate of the LB module exists, the SSL negotiation succeeds, and the HTTPS service can be started properly. If no local certificate exists, the SSL negotiation triggers a certificate application process. Because the application process takes a long time, the SSL negotiation often fails and the HTTPS service cannot be started normally. In that case, execute the `ip https enable` command multiple times to start the HTTPS service. |
| 5. Associate the HTTPS service with a certificate attribute-based access control policy. | `ip https certificate access-control-policy policy-name` | Optional. By default, the HTTPS service is not associated with any certificate-based attribute access control policy. Associating the HTTPS service with a certificate-based attribute access control policy enables the LB module to control the access rights of clients. You must configure the `client-verify enable` command in the associated SSL server policy. If not, no clients can log in through HTTPS. The associated SSL server policy must contain at least one permit rule. Otherwise, no clients can log in through HTTPS. For more information about certificate attribute-based access control policies, see Security Configuration Guide. |
| 6. Specify the HTTPS service port number. | `ip https port port-number` | Optional. The default HTTPS service port is 443. |
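The remarks for steps 3 and 5 describe two conditions that can be checked offline against a saved configuration: HTTPS enabled with no SSL server policy (self-signed certificate), and an access control policy associated without `client-verify enable` (no client can log in). The following audit script is an added example, not part of the HP guide. It assumes the configuration is available as text with SSL server policy sections opened by an unindented `ssl server-policy` line and indented body lines; the policy names, the `pki-domain` body line and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (assumed text layout, not taken from the guide).
SAMPLE_CONFIG = """\
ssl server-policy mgmt-ssl
 pki-domain mgmt
#
ip https ssl-server-policy mgmt-ssl
ip https certificate access-control-policy mgmt-acp
ip https port 8443
ip https enable
"""

HTTPS_RE = re.compile(
    r"ip https (ssl-server-policy|certificate access-control-policy|port) (\S+)$")

def parse(config):
    """Return the 'ip https' settings and the body lines of each SSL server policy."""
    https, policies, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        section = re.match(r"ssl server-policy (\S+)$", line)
        if section and not raw.startswith(" "):
            current = policies.setdefault(section.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)          # line inside the current policy section
        else:
            current = None                # any other top-level line closes the section
            setting = HTTPS_RE.match(line)
            if setting:
                https[setting.group(1)] = setting.group(2)
            elif line == "ip https enable":
                https["enable"] = True
    return https, policies

def audit(config):
    """List findings derived from the remarks for steps 3 and 5."""
    https, policies = parse(config)
    findings = []
    if not https.get("enable"):
        return findings                   # HTTPS is disabled (the default)
    ssl_policy = https.get("ssl-server-policy")
    if ssl_policy is None:
        findings.append("self-signed certificate: no SSL server policy associated")
    acp = https.get("certificate access-control-policy")
    if acp and "client-verify enable" not in policies.get(ssl_policy, []):
        findings.append(f"lockout: {acp} is associated but client-verify enable is missing")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
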