71
[Device-pki-cert-acp-myacp] quit
# Associate the HTTPS service with SSL server policy
myssl
.
[Device] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute-based access control policy
myacp
.
[Device] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Device] ip https enable
# Create a local user named
usera
, set the password to
123
, specify the web service type. and specify
the user privilege level 3 for the local user. Users with privilege level 3 can perform all operations
supported by the device.
[Device] local-user usera
[Device-luser-usera] password simple 123
[Device-luser-usera] service-type web
[Device-luser-usera] authorization-attribute level 3
2.
Configure the host to act as the HTTPS client
On the host, run the IE browser, and then enter
http://10.1.2.2/certsrv
in the address bar and request a
certificate for the host as prompted.
3.
Verify the configuration
Enter
https://10.1.1.1
in the address bar, and select the certificate issued by
new-ca
. When the web login
page of the device appears, enter the username
usera
and password
123
to enter the web management
page.
NOTE:
•
To log in to the web interface through HTTPS, enter the URL address starting with https://. To log in to
the web interface through HTTP, enter the URL address starting with http://.
•
For more information about PKI configuration commands, SSL configuration commands, and the
public-key local create rsa
command, see
Security Command Reference.