65
Step
Command
Remarks
1.
(Optional.) Specify a
fixed verification code for
Web login.
web captcha verification-code
By default, no fixed verification code is
configured. A Web user must enter the
verification code displayed on the login
page at login.
2.
Enter system view.
system-view
N/A
3.
(Optional.) Apply an SSL
server policy to control
HTTPS access.
ip https ssl-server-policy
policy-name
By default, no SSL server policy is
applied. The HTTP service uses a
self-signed certificate.
Disabling the HTTPS service removes
the SSL service policy application. To
enable the HTTPS service again, you
must reconfigure this command again.
If the HTTPS service has been
enabled, any changes to the associated
SSL server policy do not take effect.
For the changes to take effect, you
must disable HTTP and HTTPS, and
then apply the policy and enable HTTP
and HTTPS again.
4.
Enable the HTTPS
service.
ip https enable
By default, HTTPS is disabled.
Enabling the HTTPS service triggers
the SSL handshake negotiation
process.
•
If the device has a local certificate,
the SSL handshake negotiation
succeeds and the HTTPS service
starts up.
•
If the device does not have a local
certificate, the certificate
application process starts.
Because the certificate application
process takes a long time, the SSL
handshake negotiation might fail
and the HTTPS service might not
be started. To solve the problem,
execute this command again until
the HTTPS service is enabled.
5.
(Optional.) Apply a
certificate-based access
control policy to control
HTTPS access.
ip https certificate
access-control-policy
policy-name
By default, no certificate-based access
control policy is applied for HTTPS
access control.
For clients to log in through HTTPS,
you must configure the
client-verify
enable
command and a minimum of
one
permit
rule in the associated SSL
server policy.
For more information about
certificate-based access control
policies, see the chapter on PKI in
Security Configuration Guide
.
6.
(Optional.) Specify the
HTTPS service port
number.
ip https port
port-number
The default HTTPS service port
number is 443.
7.
(Optional.) Set the
HTTPS login
authentication mode.
web https-authorization mode
{
auto
|
manual
}
By default, manual authentication mode
is used for HTTPS login.
Содержание FlexNetwork 10500 Series
Страница 139: ...130 Sysname display version ...