Operation Manual – SSL-HTTPS
H3C S3610&S5510 Series Ethernet Switches Chapter 2 HTTPS Configuration
[Switch-pki-domain-1] certificate request url http://10.1.2.2:8080/certsrv/mscep/mscep.dll
[Switch-pki-domain-1] certificate request from ra
[Switch-pki-domain-1] certificate request entity en
[Switch-pki-domain-1] quit
# Generate a key pair locally by using the RSA algorithm.
[Switch] public-key local create rsa
# Obtain a server certificate from the CA.
[Switch] pki retrieval-certificate ca domain 1
# Apply for a local certificate.
[Switch] pki request-certificate domain 1
2) Configure an SSL server policy associated with the HTTPS service
# Configure the SSL server policy.
[Switch] ssl server-policy myssl
[Switch-ssl-server-policy-myssl] pki-domain 1
[Switch-ssl-server-policy-myssl] client-verify enable
[Switch-ssl-server-policy-myssl] quit
3) Configure certificate access control policy
# Configure a certificate attribute group.
[Switch] pki certificate attribute-group mygroup1
[Switch-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca
[Switch-pki-cert-attribute-group-mygroup1] quit
# Configure certificate access control policy myacp and create a control rule.
[Switch] pki certificate access-control-policy myacp
[Switch-pki-cert-acp-myacp] rule 1 permit mygroup1
[Switch-pki-cert-acp-myacp] quit
4) Reference an SSL server policy
# Associate the HTTPS service with the SSL server policy myssl.
[Switch] ip https ssl-server-policy myssl
5) Associate the HTTPS service with a certificate attribute access control policy
# Associate the HTTPS service with the certificate attribute access control policy myacp.
[Switch] ip https certificate access-control-policy myacp
6) Enable the HTTPS service
# Enable the HTTPS service.
[Switch] ip https enable
7) Verify the configuration
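
Before testing from a client, the effect of attribute group mygroup1 and policy myacp from steps 3) and 5) can be modelled offline to predict which client certificates are admitted. The following Python model is an added example, not part of the H3C manual or the switch software. The class and function names, the sample issuer DNs, case-insensitive matching, and rejection when no rule matches are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AttributeRule:
    field: str   # "issuer-name" or "subject-name" (DN form only in this model)
    op: str      # ctn | nctn | equ | nequ
    value: str

    def matches(self, cert: dict) -> bool:
        # Assumption: attribute values are compared case-insensitively.
        dn = cert.get(self.field, "").lower()
        want = self.value.lower()
        if self.op == "ctn":
            return want in dn
        if self.op == "nctn":
            return want not in dn
        if self.op == "equ":
            return dn == want
        if self.op == "nequ":
            return dn != want
        raise ValueError(f"unsupported operator: {self.op}")

def group_matches(group: list, cert: dict) -> bool:
    # A certificate matches a group only if it satisfies every attribute rule.
    return all(rule.matches(cert) for rule in group)

def evaluate(policy: list, groups: dict, cert: dict) -> bool:
    """policy is an ordered list of (action, group_name); first match decides."""
    for action, group_name in policy:
        if group_matches(groups[group_name], cert):
            return action == "permit"
    return False  # Assumption: a certificate matching no rule is rejected.

# The configuration from this page.
GROUPS = {"mygroup1": [AttributeRule("issuer-name", "ctn", "new-ca")]}
MYACP = [("permit", "mygroup1")]

# Constructed sample issuer DNs (not taken from the manual).
SAMPLES = {
    "expected CA":     {"issuer-name": "CN=new-ca,O=Example"},
    "different case":  {"issuer-name": "CN=NEW-CA,O=Example"},
    "other CA":        {"issuer-name": "CN=old-ca,O=Example"},
    "substring in OU": {"issuer-name": "CN=branch,OU=new-ca-test,O=Other"},
}

def run_samples() -> dict:
    return {name: evaluate(MYACP, GROUPS, cert) for name, cert in SAMPLES.items()}

if __name__ == "__main__":
    for name, allowed in run_samples().items():
        print(f"{name:16} -> {'permit' if allowed else 'deny'}")
```

The last sample is permitted because ctn matches new-ca anywhere in the issuer DN, not only in the CN. The model covers the attribute check alone; certificate chain validation enforced by client-verify enable against PKI domain 1 is a separate step.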