66
To do…
Use the command…
Remarks
Associate the HTTPS service with
an SSL server policy
ip https ssl-server-policy
policy-name
Required
By default, the HTTPS service is not
associated with any SSL server policy.
•
If you disable the HTTPS service, the
system automatically de-associates the
HTTPS service from the SSL service
policy. Before re-enabling the HTTPS
service, associate the HTTPS service
with an SSL server policy first.
•
Any changes to the SSL server policy
associated with the HTTP service that is
enabled do not take effect.
Enable the HTTPS service
ip https enable
Required
Disabled by default.
Enabling the HTTPS service triggers an SSL
handshake negotiation process. During the
process, if the local certificate of the device
exists, the SSL negotiation succeeds, and
the HTTPS service can be started properly.
If no local certificate exists, a certificate
application process will be triggered by
the SSL negotiation. Because the
application process takes much time, the
SSL negotiation often fails and the HTTPS
service cannot be started normally. In that
case, you need to execute the
ip https
enable
command multiple times to start the
HTTPS service.
Associate the HTTPS service with a
certificate attribute-based access
control policy
ip https certificate
access-control-policy
policy-name
Optional
By default, the HTTPS service is not
associated with any certificate-based
attribute access control policy.
•
Associating the HTTPS service with a
certificate-based attribute access
control policy enables the device to
control the access rights of clients.
•
You must configure the
client-verify
enable
command in the associated SSL
server policy. If not, no clients can log in
to the device.
•
The associated SSL server policy must
contain at least one
permit
rule.
Otherwise, no clients can log in to the
device.
•
For more information about certificate
attribute-based access control policies,
see
Security Configuration Guide
.
Configure the port number of the
HTTPS service
ip https port
port-number
Optional
443 by default.