HP VPN Firewall Appliances Network Management Command Reference
1096
Default
No PKI domain is configured for an SSL server policy or SSL client policy.
Views
SSL server policy view, SSL client policy view
Default command level
2: System level
Parameters
domain-name: Name of a PKI domain, a case-insensitive string of 1 to 15 characters.
Usage guidelines
If you do not specify a PKI domain for an SSL server policy, the SSL server generates and signs a
certificate for itself rather than obtaining one from a CA server.
Examples
# Configure SSL server policy policy1 to use PKI domain server-domain.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] pki-domain server-domain
# Configure SSL client policy policy1 to use PKI domain client-domain.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] pki-domain client-domain
Related commands
• display ssl server-policy
• display ssl client-policy
prefer-cipher
Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.
Use undo prefer-cipher to restore the default.
Syntax
In non-FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 |
rsa_rc4_128_sha }
undo prefer-cipher
In FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
undo prefer-cipher
Default
The preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.