R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the HTTPS service | ip https enable | Required. Disabled by default. Enabling the HTTPS service triggers an SSL handshake negotiation process. During the process, if the local certificate of the device exists, the SSL negotiation succeeds and the HTTPS service can be started properly. If no local certificate exists, a certificate application process is triggered by the SSL negotiation. Because the application process takes a long time, the SSL negotiation often fails and the HTTPS service cannot be started normally. In that case, you need to execute the ip https enable command multiple times to start the HTTPS service. |
| Associate the HTTPS service with a certificate attribute-based access control policy | ip https certificate access-control-policy policy-name | Optional. By default, the HTTPS service is not associated with any certificate attribute-based access control policy. Associating the HTTPS service with a certificate attribute-based access control policy enables the device to control the access rights of clients. You must configure the client-verify enable command in the associated SSL server policy. Otherwise, no clients can log in to the device. The associated SSL server policy must contain at least one permit rule. Otherwise, no clients can log in to the device. |
| Configure the port number of the HTTPS service | ip https port port-number | Optional. 443 by default. |
| Associate the HTTPS service with an ACL | ip https acl acl-number | Required. By default, the HTTPS service is not associated with any ACL. Associating the HTTPS service with an ACL enables the device to allow only clients permitted by the ACL to access the device. |
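
The following Python check is an added example, not part of the HP guide. It reads a saved configuration and flags two conditions from the Remarks column: an enabled HTTPS service with no ACL association, and a certificate attribute-based access control policy associated while the SSL server policy lacks client-verify enable. The `ssl server-policy` block layout, the `ip https ssl-server-policy` and `pki-domain` lines, the policy names, and the finding codes are assumptions or constructed values that do not appear on this page.

```python
import re

# Constructed sample configurations (not taken from a real device).
GOOD_CONFIG = """\
ssl server-policy mgmt
 pki-domain lab
 client-verify enable
#
 ip https ssl-server-policy mgmt
 ip https certificate access-control-policy admins
 ip https acl 2001
 ip https enable
"""
# Same device with client verification and the ACL association removed.
BAD_CONFIG = GOOD_CONFIG.replace(" client-verify enable\n", "").replace(" ip https acl 2001\n", "")

def ssl_policies(config):
    """Map each 'ssl server-policy NAME' header to the set of its indented lines.
    Assumes a block ends at '#' or at the next unindented line."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ssl server-policy (\S+)\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), set())
        elif current is not None and line[:1] in (" ", "\t"):
            current.add(line.strip())
        else:
            current = None
    return policies

def https_arg(config, keyword):
    """Argument of the last 'ip https <keyword> ARG' line, or None if absent."""
    hits = re.findall(rf"^[ \t]*ip https {re.escape(keyword)} (\S+)[ \t]*$", config, re.M)
    return hits[-1] if hits else None

def audit_https(config):
    """Return finding codes for the conditions in the Remarks column."""
    if not re.search(r"^[ \t]*ip https enable[ \t]*$", config, re.M):
        return ["https-disabled"]
    findings = []
    if https_arg(config, "acl") is None:
        findings.append("no-acl")  # any client that can reach the port may connect
    if https_arg(config, "certificate access-control-policy") is not None:
        body = ssl_policies(config).get(https_arg(config, "ssl-server-policy"))
        if body is None:
            findings.append("ssl-policy-not-found")
        elif "client-verify enable" not in body:
            findings.append("lockout-no-client-verify")  # no client can log in
    return findings

if __name__ == "__main__":
    print(audit_https(GOOD_CONFIG), audit_https(BAD_CONFIG))
```

Running such a check against the candidate configuration before saving it catches the lockout case while console access is still available.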