R0106-HP MSR Router Series Security Configuration Guide(V7)
361
Ste
p
Command
Remarks
6. Enable the SSL server to
authenticate SSL clients through
digital certificate.
client-verify enable
By default, the SSL server does
not authenticate SSL clients
through digital certificates.
When authenticating a client by
using the digital certificate, the
SSL server performs the
following operations:
• Verifies the certificate chain
presented by the client.
• Checks that the certificates
in the certificate chain
(except the root CA
certificate) are not revoked.
Configuring an SSL client policy
An SSL client policy comprises a set of SSL parameters that the client uses to establish a connection to the
server. An SSL client policy takes effect only after it is associated with an application such as the DDNS.
For information about DDNS, see Layer 3—IP Services Configuration Guide.
To configure an SSL client policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create an SSL client policy and
enter its view.
ssl client-policy policy-name
By default, no SSL client policy
exists on the device.
3. (Optional.) Specify a PKI domain
for the SSL client policy.
pki-domain domain-name
By default, no PKI domain is
specified for an SSL client policy.
If SSL client authentication is
required, you must specify a PKI
domain and request a local
certificate for the SSL client in the
PKI domain.
For information about how to
create and configure a PKI
domain, see "Configuring PKI."