R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
513
3. Associate HTTPS service with the SSL server policy and enable HTTPS service
# Configure HTTPS service to use SSL server policy myssl.
[Firewall] ip https ssl-server-policy myssl
# Enable HTTPS service.
[Firewall] ip https enable
4. Verify your configuration
Launch IE on the host and enter https://10.1.1.1 in the address bar. You should be able to log in to
Firewall and manage it.
NOTE:
For more information about the public-key local create rsa command, see the Public Key Commands in
VPN Command Reference.
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
Configuration prerequisites
If the SSL server is configured to authenticate the SSL client, you must configure the PKI domain for the SSL
client policy to use to obtain the certificate of the client.
Configuration procedure
Follow these steps to configure an SSL client policy:
To do… Use the command…
Remarks
Enter system view system-view —
Create an SSL client policy and
enter its view
ssl client-policy policy-name Required
Specify a PKI domain for the SSL
client policy
pki-domain domain-name
Optional
No PKI domain is configured by
default.
Specify the preferred cipher suite
for the SSL client policy
prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
Optional
rsa_rc4_128_md5 by default
Specify the SSL protocol version for
the SSL client policy
version { ssl3.0 | tls1.0 }
Optional
TLS 1.0 by default
NOTE:
If you enable client authentication on the server, you must request a local certificate for the client.