HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 229
SSL server policy configuration example, Network requirements, Configuration considerations,
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 229 highlights
SSL server policy configuration example Network requirements As shown in Figure 67, users need to access and control the device through web pages. For security of the device and to make sure that data is not eavesdropped or tampered with, configure the device so that users must use HTTPS (Hypertext Transfer Protocol Secure, which uses SSL) to log in to the web interface of the device. Figure 67 Network diagram Configuration considerations To achieve the goal, perform the following configurations: • Configure Device to work as the HTTPS server and request a certificate for Device. • Request a certificate for Host so that Device can authenticate the identity of Host. • Configure a CA server to issue certificates to Device and Host. Configuration procedure In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol (SCEP) plug-in is installed on the CA server. Before performing the following configurations, make sure the switch, the host, and the CA server can reach each other. 1. Configure the HTTPS server (Device): # Create a PKI entity named en, and configure the common name as http-server1 and the FQDN as ssl.security.com. system-view [Device] pki entity en [Device-pki-entity-en] common-name http-server1 [Device-pki-entity-en] fqdn ssl.security.com [Device-pki-entity-en] quit # Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the entity for certificate request as en. [Device] pki domain 1 [Device-pki-domain-1] ca identifier ca server [Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll [Device-pki-domain-1] certificate request from ra [Device-pki-domain-1] certificate request entity en 219