SecPath U200-M无法登录HTTP,HTTPS服务已开启同样无法使用

#
 version 5.20, Feature 5123P36
#
 sysname BGW_security
#
 clock timezone BJ add 08:00:00
#
 password-control enable
 password-control length 8
 password-control composition type-number 3 type-length 4
 password-control login-attempt 5 exceed lock-time 60
 password-control complexity user-name check
#
 super password level 3 cipher OX2X55^%:H*^US3K"<C2<1!!
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 domain default enable system
#
 ip http acl 2000
#
 undo alg dns
 undo alg rtsp
 undo alg h323 
 undo alg sip
 undo alg sqlnet
 undo alg pptp
 undo alg ils
 undo alg nbt
 undo alg msn
 undo alg qq
 undo alg tftp
 undo alg sccp
 undo alg xdmcp
 undo alg rsh
#
acl number 2000
 rule 1 permit source 192.168.0.0 0.0.255.255
#
vlan 1
#
vlan 130
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
pki domain default
  crl check disable
#
user-group system
#
local-user admin
 authorization-attribute acl 2000
 service-type ssh terminal
local-user audit
 authorization-attribute level 3
 authorization-attribute acl 2000
 service-type ssh terminal
 service-type portal
#
ssl server-policy default
 pki-domain default
#
interface NULL0
#
interface Vlan-interface130
 ip address 192.168.130.252 255.255.255.0
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/3
 port link-mode route
#
interface GigabitEthernet0/4
 port link-mode route
#
interface GigabitEthernet0/5
 port link-mode route
#
interface GigabitEthernet0/1
 port link-mode bridge
 port access vlan 130
#
interface GigabitEthernet0/2
 port link-mode bridge
 port access vlan 130
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.130.254
#
 info-center logbuffer size 1024
 info-center trapbuffer size 1024
#
 ntp-service authentication enable
 ntp-service authentication-keyid 99 authentication-mode md5 +L%+/Q"U&'QF5"6K6S_ZPQ!!
 ntp-service reliable authentication-keyid 99
 ntp-service unicast-server 192.168.130.253 authentication-keyid 99
#
 ssh server enable
 ssh user admin service-type stelnet authentication-type password
 ssh user audit service-type stelnet authentication-type password
#
 ip https acl 2000
 ip https ssl-server-policy default
 ip https enable
#
 load xml-configuration
#
user-interface con 0
 authentication-mode scheme
 set authentication password cipher OX2X55^%:H*^US3K"<C2<1!!
 idle-timeout 5 0
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode scheme
 set authentication password cipher OX2X55^%:H*^US3K"<C2<1!!
 idle-timeout 5 0
 protocol inbound ssh
#
return

#
 version 5.20, Feature 5123P36
#
 sysname BGW_security
#
 clock timezone BJ add 08:00:00
#
 password-control enable
 password-control length 8
 password-control composition type-number 3 type-length 4
 password-control login-attempt 5 exceed lock-time 60
 password-control complexity user-name check
#
 super password level 3 cipher OX2X55^%:H*^US3K"<C2<1!!
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 domain default enable system
#
 ip http acl 2000
#
 undo alg dns
 undo alg rtsp
 undo alg h323 
 undo alg sip
 undo alg sqlnet
 undo alg pptp
 undo alg ils
 undo alg nbt
 undo alg msn
 undo alg qq
 undo alg tftp
 undo alg sccp
 undo alg xdmcp
 undo alg rsh
#
acl number 2000
 rule 1 permit source 192.168.0.0 0.0.255.255
#
vlan 1
#
vlan 130
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
pki domain default
  crl check disable
#
user-group system
#
local-user admin
 authorization-attribute acl 2000
 service-type ssh terminal
local-user audit
 authorization-attribute level 3
 authorization-attribute acl 2000
 service-type ssh terminal
 service-type portal
#
ssl server-policy default
 pki-domain default
#
interface NULL0
#
interface Vlan-interface130
 ip address 192.168.130.252 255.255.255.0
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/3
 port link-mode route
#
interface GigabitEthernet0/4
 port link-mode route
#
interface GigabitEthernet0/5
 port link-mode route
#
interface GigabitEthernet0/1
 port link-mode bridge
 port access vlan 130
#
interface GigabitEthernet0/2
 port link-mode bridge
 port access vlan 130
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.130.254
#
 info-center logbuffer size 1024
 info-center trapbuffer size 1024
#
 ntp-service authentication enable
 ntp-service authentication-keyid 99 authentication-mode md5 +L%+/Q"U&'QF5"6K6S_ZPQ!!
 ntp-service reliable authentication-keyid 99
 ntp-service unicast-server 192.168.130.253 authentication-keyid 99
#
 ssh server enable
 ssh user admin service-type stelnet authentication-type password
 ssh user audit service-type stelnet authentication-type password
#
 ip https acl 2000
 ip https ssl-server-policy default
 ip https enable
#
 load xml-configuration
#
user-interface con 0
 authentication-mode scheme
 set authentication password cipher OX2X55^%:H*^US3K"<C2<1!!
 idle-timeout 5 0
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode scheme
 set authentication password cipher OX2X55^%:H*^US3K"<C2<1!!
 idle-timeout 5 0
 protocol inbound ssh
#
return

问题:

1.    ip http 服务开启 但用管理员账户无法登录，提示登录失败，用户权限3级，用户类型无http或https

2.    ip https服务请问可以使用设备自己生成ssl证书吗？也就是说设备本身可以做ca服务端自己生成ssl证书吗？请问如何配置，如何设置。。。我就来被它搞哭了

3.我这边要做等保2级，Http要关闭，https要开启，但本人对http和https的使用方法不是很清楚，请大牛求教