R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

[LB-pki-entity-en] fqdn ssl.security.com
[LB-pki-entity-en] quit
# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as
http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the entity for
certificate request as en.
[LB] pki domain 1
[LB-pki-domain-1] ca identifier ca server
[LB-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[LB-pki-domain-1] certificate request from ra
[LB-pki-domain-1] certificate request entity en
[LB-pki-domain-1] quit
# Create the local RSA key pairs.
[LB] public-key local create rsa
# Retrieve the CA certificate.
[LB] pki retrieval-certificate ca domain 1
# Request a local certificate for the LB module.
[LB] pki request-certificate domain 1
# Create an SSL server policy named myssl.
[LB] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[LB-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[LB-ssl-server-policy-myssl] client-verify enable
[LB-ssl-server-policy-myssl] quit
# Configure HTTPS service to use SSL server policy myssl.
[LB] ip https ssl-server-policy myssl
# Enable HTTPS service.
[LB] ip https enable
# Create a local user named usera, and set the password to 123 and service type to telnet.
[LB] local-user usera
[LB-luser-usera] password simple 123
[LB-luser-usera] service-type telnet
2. Configure the HTTPS client (Host)
On Host, launch IE, enter http://10.1.2.2/certsrv in the address bar and request a certificate for Host as
prompted.
3. Verify your configuration
Launch IE on the host, enter https://10.1.1.1 in the address bar, and select the certificate issued by the CA
server. The web interface of the LB module should appear. After entering username usera and password
123, you should be able to log in to the web interface to access and manage the module.
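
The following is an added example, not part of the HP guide: an offline check that a configuration text binds HTTPS to an SSL server policy with client verification and a defined PKI domain, and that reports local users configured with password simple. The helper names parse_views and audit_https are hypothetical, and the sample text is constructed from the commands above with an assumed layout (sub-view commands indented).

```python
# Constructed sample: commands from this example laid out as a saved
# configuration, sub-view commands indented (the layout is an assumption).
SAMPLE = """\
pki domain 1
ssl server-policy myssl
 pki-domain 1
 client-verify enable
local-user usera
 password simple 123
ip https ssl-server-policy myssl
ip https enable
"""

def parse_views(text):
    """Map each top-level command to its indented sub-commands."""
    views, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and current:
            views[current].append(line.strip())
        elif line.strip() not in ("", "#"):
            current = line.strip()
            views[current] = []
    return views

def audit_https(text):
    """Return findings on the HTTPS client-certificate setup."""
    views, findings = parse_views(text), []
    if "ip https enable" not in views:
        findings.append("HTTPS service is not enabled")
    prefix = "ip https ssl-server-policy "
    bound = [c[len(prefix):] for c in views if c.startswith(prefix)]
    if not bound:
        findings.append("HTTPS is not bound to an SSL server policy")
    for name in bound:
        policy = views.get("ssl server-policy " + name)
        if policy is None:
            findings.append(f"SSL server policy {name} is not defined")
            continue
        if "client-verify enable" not in policy:
            findings.append(f"policy {name}: client-verify is not enabled")
        domains = [c.split(None, 1)[1] for c in policy if c.startswith("pki-domain ")]
        if not any("pki domain " + d in views for d in domains):
            findings.append(f"policy {name}: no defined PKI domain")
    for header, cmds in views.items():
        for c in cmds:
            if header.startswith("local-user ") and c.startswith("password simple "):
                findings.append(f"{header}: password simple, {len(c.split()[-1])} characters")
    return findings

print(audit_https(SAMPLE))
```
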