F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
946
Ste
p
Command
Remarks
1629. Enable SSL client weak
authentication.
client-verify weaken
Optional.
Disabled by default.
This command takes effect only
when the client-verify enable
command is configured.
NOTE:
Only TSL1.0 is supported in FIPS mode.
355B
HTTPS login configuration example using the CA
certificate
1054BNetwork requirements
As shown in 3083HFig u re 417, users need to access and control the firewall through webpages.
For security of the firewall and to make sure data is not eavesdropped or tampered with, configure the
firewall so users must use HTTPS to log in to the Web interface of the firewall.
Figure 417 Network diagram
1055BConfiguration considerations
To achieve the goal, perform the following configurations:
• Configure Firewall to work as the HTTPS server and request a certificate for it.
• Request a certificate for Host so Firewall can authenticate the identity of Host.
• Configure a CA server to issue certificates to Firewall and Host.
1056BConfiguration procedure
In this example, the CA server runs Windows Server and has the SCEP plug-in installed.
Before performing the following configurations, make sure the firewall, the host, and the CA server can
reach each other.
1. Configure the HTTPS server (Firewall):