[Firewall-pki-cert-attribute-group-mygroup1] quit
# Create a certificate attribute-based access control policy myacp. Configure a certificate attribute-based access control rule, specifying that a certificate is considered valid when it matches an attribute rule in certificate attribute group myacp.
[Firewall] pki certificate access-control-policy myacp
[Firewall-pki-cert-acp-myacp] rule 1 permit mygroup1
[Firewall-pki-cert-acp-myacp] quit
# Associate the HTTPS service with SSL server policy myssl.
[Firewall] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute-based access control policy myacp.
[Firewall] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Firewall] ip https enable
# Create a local user named usera, set the password to 123 for the user, and specify the web service type for the local user.
[Firewall] local-user usera
[Firewall-luser-usera] password simple 123
[Firewall-luser-usera] service-type web
2. Configure the host that acts as the HTTPS client
On the host, run the IE browser. In the address bar, enter http://10.1.2.2/certsrv and request a certificate for the host as prompted.
3. Verify the configuration
Enter https://10.1.1.1 in the address bar, and select the certificate issued by new-ca. Then the web login page of the Firewall appears. On the login page, type the username usera, and password 123 to enter the web management page.
NOTE:
• To log in to the web interface through HTTPS, enter the URL address starting with https://. To log in to the web interface through HTTP, enter the URL address starting with http://.
• For more information about the SSL commands, see Network Management Command Reference.
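The access decision that policy myacp makes for a client certificate can be sketched as a small model. This is an added example, not part of the original guide or the device software. The attribute rules inside mygroup1, the second group and policy, the sample certificates, and the evaluation order are assumptions.

```python
# Added illustration: simplified model of a certificate attribute-based
# access control policy. All rules and certificates here are constructed.

OPS = {
    "ctn": lambda actual, value: value in actual,       # contains
    "nctn": lambda actual, value: value not in actual,  # does not contain
    "equ": lambda actual, value: actual == value,       # equals
    "nequ": lambda actual, value: actual != value,      # does not equal
}

def group_match(cert, attribute_rules):
    """Assumption: a certificate matches a group only if every rule matches."""
    return all(OPS[op](cert.get(field, ""), value)
               for field, op, value in attribute_rules)

def evaluate(cert, policy, groups):
    """Check policy rules in ascending number; the first matching rule decides.
    Assumption: a certificate that matches no rule is treated as invalid."""
    for number in sorted(policy):
        action, group_name = policy[number]
        if group_match(cert, groups[group_name]):
            return action == "permit"
    return False

# Hypothetical attribute groups; the contents of mygroup1 are not on this page.
GROUPS = {
    "mygroup1": [("issuer-name", "ctn", "new-ca")],
    "blocked": [("subject-name", "equ", "CN=guest")],
}
POLICY_MYACP = {1: ("permit", "mygroup1")}        # mirrors: rule 1 permit mygroup1
POLICY_ORDERED = {1: ("deny", "blocked"), 2: ("permit", "mygroup1")}  # hypothetical

# Constructed client certificates, reduced to the two name fields.
CERT_OK = {"subject-name": "CN=host1", "issuer-name": "CN=new-ca"}
CERT_OTHER_CA = {"subject-name": "CN=host1", "issuer-name": "CN=other-ca"}
CERT_GUEST = {"subject-name": "CN=guest", "issuer-name": "CN=new-ca"}

if __name__ == "__main__":
    for label, cert in (("host1/new-ca", CERT_OK),
                        ("host1/other-ca", CERT_OTHER_CA),
                        ("guest/new-ca", CERT_GUEST)):
        print(label,
              "myacp:", evaluate(cert, POLICY_MYACP, GROUPS),
              "ordered:", evaluate(cert, POLICY_ORDERED, GROUPS))
```

Under the single permit rule, any certificate whose issuer matches the group is accepted, so the guest certificate passes myacp and is rejected only once a lower-numbered deny rule is placed ahead of the permit.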
Troubleshooting web login problems
Problem 1: Unable to access the device through web
Problem description
The user can ping the device successfully, and log in to the device through Telnet. HTTP is enabled and
the operating system and browser version are as required. But the user cannot access the web interface
of the device.
Problem analysis
• If Microsoft Internet Explorer is used, select the Enable button for Run ActiveX controls and plug-ins, Script ActiveX controls marked safe for scripting, and Active scripting.
• If Mozilla Firefox is used, enable JavaScript.