Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

319

Configuration prerequisites

Configure the PKI domain for the SSL server policy to use to obtain a certificate for the SSL server. For

more information about PKI domain configuration, see "Configuring PKI."

Configuration procedure

To configure an SSL server policy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an SSL server policy
and enter its view.

ssl server-policy policy-name N/A

3.

Specify a PKI domain for the

SSL server policy.

pki-domain domain-name

By default, no PKI domain is
specified for an SSL server policy.
If SSL clients authenticate the server
through a digital certificate, you

must use this command to specify a

PKI domain and request a local
certificate for the SSL server

through the PKI domain.

4.

Specify the cipher suites for
the SSL server policy to

support.

ciphersuite
[ rsa_3des_ede_cbc_sha |

rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |

rsa_des_cbc_sha |

rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *

Optional.
By default, an SSL server policy

supports all cipher suites.

5.

Set the handshake timeout

time for the SSL server.

handshake timeout time

Optional.
3600 seconds by default.

6.

Set the SSL connection close
mode.

close-mode wait

Optional.
Not wait by default.

7.

Set the maximum number of
cached sessions and the

caching timeout time.

session { cachesize size | timeout
time } *

Optional.
The defaults are as follows:

•

500 for the maximum number

of cached sessions,

•

3600 seconds for the caching

timeout time.

8.

Configure the server to require

certificate-based SSL client

authentication.

client-verify enable

Optional.
By default, the SSL server does not
require the client to be

authenticated.

9.

Enable SSL client weak
authentication.

client-verify weaken

Optional.
Disabled by default.
This command takes effect only
when the client-verify enable

command is configured.