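Typical configuration for logging in to the H3C SecBladeIAG over HTTPS
I. Network requirements:
SecBladeIAG, laptop, certificates
II. Network diagram:
III. Configuration steps:
1. Upload a pair of certificates to the CF card of the IAG.
[IAG]pki import-certificate ca domain h3c der filename wlan_ca_certificate.cer //Import the CA certificate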
Importing certificates. Please wait a while......
The trusted CA's finger print is:
MD5 fingerprint:FB52 90D5 822C 2BAC DB50 2499 7B88 4B59
SHA1 fingerprint:6FFB E756 DC46 0739 A2F5 48CB 0D8A B186 0258 2888
Is the finger print correct?(Y/N):y
%Apr 29 18:07:22:148 2008 H3C PKI/4/Verify_CA_Root_Cert:CA root certificate of the domain h3c is trusted.
Import CA certificate successfully.
%Apr 29 18:07:22:164 2008 H3C PKI/4/Update_CA_Cert:Update CA certificates of the Domain h3c successfully.
%Apr 29 18:07:22:165 2008 H3C PKI/4/Import_CA_Cert:Import CA certificates of the domain h3c successfully.
[IAG]pki import-certificate local domain h3c p12 filename wlan_local_certificate.pfx //Import the local certificate
Please input challenge password: h3c
Importing certificates. Please wait a while......
The trusted CA's finger print is:
MD5 fingerprint:FB52 90D5 822C 2BAC DB50 2499 7B88 4B59
SHA1 fingerprint:6FFB E756 DC46 0739 A2F5 48CB 0D8A B186 0258 2888
Is the finger print correct?(Y/N):y
2. Configure the PKI entity and domain on the IAG
#
pki entity https
common-name portal
organization portal-server
#
pki domain h3c
certificate request entity https
crl check disable
3. Configure the SSL parameters
#
ssl server-policy 1 //Configure the SSL policy
pki-domain h3c
#
ip https ssl-server-policy 1 //Bind the SSL policy to the HTTPS service
#
ip https enable //Enable the HTTPS function
#
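IV. Notes:
1. Import the CA certificate first, then import the local certificate.
2. The password used when importing the local certificate is h3c.
3. If an error occurs while importing a certificate, or the import fails, first check the time on the certificate; second, destroy the certificate with public-key local destroy rsa.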
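
Both imports in step 1 stop at "Is the finger print correct?(Y/N)" before the CA is trusted. The Python code below is an added example, not part of the original case: it computes the MD5 and SHA1 fingerprints of the certificate file on the administrator's workstation, formats them the way the device prints them, and compares them with the console text before Y is answered. The function names and the stand-in certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re

def device_format(digest_hex):
    """Upper-case hex in groups of four, as in the device's fingerprint lines."""
    h = digest_hex.upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))

def local_fingerprints(der_bytes):
    """A certificate fingerprint is the hash of the complete DER encoding."""
    return {
        "MD5": device_format(hashlib.md5(der_bytes).hexdigest()),
        "SHA1": device_format(hashlib.sha1(der_bytes).hexdigest()),
    }

def parse_prompt(console_text):
    """Pull the 'MD5 fingerprint:' and 'SHA1 fingerprint:' values from console output."""
    pattern = r"^\s*(MD5|SHA1) fingerprint:\s*([0-9A-Fa-f ]+?)\s*$"
    return {algo: " ".join(value.upper().split())
            for algo, value in re.findall(pattern, console_text, re.M)}

def fingerprints_match(der_bytes, console_text):
    """True only if both fingerprints are shown and both equal the local values."""
    shown = parse_prompt(console_text)
    local = local_fingerprints(der_bytes)
    return all(algo in shown and hmac.compare_digest(shown[algo], local[algo])
               for algo in local)

if __name__ == "__main__":
    # Constructed stand-in; in practice read the file with open(path, "rb").read().
    cert = b"constructed stand-in for the bytes of wlan_ca_certificate.cer"
    fp = local_fingerprints(cert)
    console = ("The trusted CA's finger print is:\n"
               f"MD5 fingerprint:{fp['MD5']}\n"
               f"SHA1 fingerprint:{fp['SHA1']}\n"
               "Is the finger print correct?(Y/N):")
    print("answer Y" if fingerprints_match(cert, console) else "answer N")
    print("tampered file:", fingerprints_match(cert + b"\x00", console))
```

The reference copy of the certificate should come from the CA over a channel separate from the one used to upload the file to the CF card.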