1-4
z
If you enable client authentication here, you must request a local certificate for the client.
z
Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0
corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clients
running SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a client
running SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carried
in the packet that the client sends to the server), the server will notify the client to use SSL 3.0 or
TLS 1.0 to communicate with the server.
SSL Server Policy Configuration Example
Network requirements
As shown in
Figure 1-3
, users can access and control Device through Web pages. For security of the
device, it is required that users use HTTPS (HTTP Security, which uses SSL) to log in to the Web
interface of the device and use SSL for identity authentication to ensure that data will not be
eavesdropped or tampered with.
To achieve the goal, perform the following configurations:
z
Configure Device to work as the HTTPS server and request a certificate for Device.
z
Request a certificate for Host so that Device can authenticate the identity of Host.
z
Configure a CA server to issue certificates to Device and Host.
z
In this instance, Windows Server works as the CA and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA.
z
Before performing the following configurations, ensure that Device, Host, and the CA server can
reach each other.
Figure 1-3
Network diagram for SSL server policy configuration
Configuration procedure
1) Configure the HTTPS server (Device)
# Create a PKI entity named
en
, and configure the common name as
http-server1
and the FQDN as
ssl.security.com
.