HP VPN Firewall Appliances Network Management Command Reference

Usage guidelines
If you configure the client-verify enable command and enable the SSL client weak authentication function,
the client decides whether it is authenticated. If the client chooses to be authenticated, it must pass
authentication before accessing the SSL server; otherwise, the client can access the SSL server without
authentication.
If you configure the client-verify enable command but disable the SSL client weak authentication function,
the SSL client must pass authentication before accessing the SSL server.
Examples
# Configure the SSL server to require certificate-based SSL client authentication.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] client-verify enable
Related commands
client-verify weaken
display ssl server-policy
client-verify weaken
Use client-verify weaken to enable SSL client weak authentication.
Use undo client-verify weaken to restore the default.
Syntax
client-verify weaken
undo client-verify weaken
Default
SSL client weak authentication is disabled.
Views
SSL server policy view
Default command level
2: System level
Usage guidelines
The client-verify weaken command takes effect only when the SSL server requires certificate-based client
authentication.
If the SSL server requires certificate-based client authentication and the SSL client weak authentication
function is enabled, the client decides whether it is authenticated. If the client chooses
authentication, it must pass authentication before accessing the SSL server. If the client does
not choose authentication, it can access the SSL server without passing authentication.
If the SSL server requires certificate-based client authentication and SSL client weak authentication is
disabled, the SSL client must pass authentication before accessing the SSL server.
For the client-verify weaken command to take effect, you must restart the SSL VPN service. If the HTTPS
service is also enabled, you must restart both services.
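
The following audit script is an added example, not part of the original command reference or of HP's software. It reads a saved configuration and reports, for each SSL server policy, whether client authentication is mandatory, optional (weak authentication enabled), or not required. It assumes that policy sub-commands are indented under the ssl server-policy line, that "#" separates sections, and that a policy without client-verify enable does not require client certificates; the sample configuration is constructed.

```python
import re

# Constructed sample in the style of a saved device configuration. Assumed
# layout: section header at column 0, sub-commands indented, "#" separators.
SAMPLE_CONFIG = """\
ssl server-policy policy1
 client-verify enable
#
ssl server-policy policy2
 client-verify enable
 client-verify weaken
#
ssl server-policy policy3
 client-verify weaken
#
ssl server-policy policy4
 client-verify enable
 client-verify weaken
 undo client-verify weaken
#
"""

HEADER = re.compile(r"^ssl server-policy (\S+)\s*$")

def classify(flags):
    """Map one policy's flags to the client authentication it enforces."""
    if not flags["enable"]:
        return "none"  # assumption: no enable, no requirement; weaken alone has no effect
    return "optional" if flags["weaken"] else "mandatory"

def audit_policies(config_text):
    """Return {policy name: 'mandatory' | 'optional' | 'none'}."""
    policies = {}   # policy name -> {"enable": bool, "weaken": bool}
    current = None  # flags of the policy section being read, if any
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = policies.setdefault(header.group(1), {"enable": False, "weaken": False})
        elif not line.startswith(" "):
            current = None  # "#" or any other section header ends the policy
        elif current is not None:
            words = line.split()
            undo = words[:1] == ["undo"]
            words = words[1:] if undo else words
            if len(words) == 2 and words[0] == "client-verify" and words[1] in current:
                current[words[1]] = not undo  # later lines override earlier ones
    return {name: classify(flags) for name, flags in policies.items()}

if __name__ == "__main__":
    print(audit_policies(SAMPLE_CONFIG))
```

A policy reported as optional admits clients that present no certificate, so it should be reviewed wherever certificate-based authentication is meant to be enforced.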