R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
124
NOTE:
• For more information about PKI configuration commands, see the PKI Commands
in
Security Comman
d
Reference
.
• For more information about the public-key local create rsa command, see the Public Key Commands
in
Security Command Reference
.
• For more information about HTTPS, see
System Management Configuration Guide
.
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
Configuration prerequisites
If the SSL server is configured to authenticate the SSL client, when configuring the SSL client policy, you
need to specify the PKI domain to be used for obtaining the certificate of the client. Therefore, before
configuring an SSL client policy, you must configure a PKI domain. For more information about PKI
domain configuration, see the chapter “PKI configuration.”
Configuration procedure
Follow these steps to configure an SSL client policy:
To do… Use the command…
Remarks
Enter system view system-view —
Create an SSL client policy and
enter its view
ssl client-policy policy-name Required
Specify a PKI domain for the SSL
client policy
pki-domain domain-name
Optional
No PKI domain is configured by default.
Specify the preferred cipher suite
for the SSL client policy
prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
Optional
rsa_rc4_128_md5 by default
Specify the SSL protocol version for
the SSL client policy
version { ssl3.0 | tls1.0 }
Optional
TLS 1.0 by default
NOTE:
If you enable client authentication on the server, you must request a local certificate for the client.