Welcome to IE-LAB!


HCIE network engineers must know: SSL configuration

SSL uses data encryption, identity verification, and message integrity verification to secure reliable TCP connections.

The specific configuration process is as follows:

1. For the client:

a. ssl policy policy-name //Enter the SSL policy view and configure the SSL policy

b. ssl minimum version {tls1.0 | tls1.1 | tls1.2}

//Specify the minimum version used by the current SSL policy. By default, the minimum version used by an SSL policy is TLS1.1.

c. certificate load

//When the server wants to authenticate the client, load the digital certificate.

d. crl load {pem-crl | asn1-crl} crl-filename

//Load the certificate revocation list (CRL), which identifies digital certificates that are still within their validity period but have been revoked, so that they are treated as invalid.

e. trusted-ca load //Load the trusted certificate authority file. An SSL policy can load up to 4 trusted certificate authority files at the same time. By default, no trusted certificate authority file is loaded in the SSL policy.

2. For the server:

a. ssl policy policy-name //Enter the SSL policy view and configure the SSL policy

b. ssl minimum version {tls1.0 | tls1.1 | tls1.2}

//Specify the minimum version used by the current SSL policy. By default, the minimum version used by an SSL policy is TLS1.1.

c. crl load {pem-crl | asn1-crl} crl-filename

//Load the certificate revocation list (CRL), which identifies digital certificates that are still within their validity period but have been revoked, so that they are treated as invalid.

d. crl load {pem-crl | asn1-crl} crl-filename

//Load the certificate revocation list (CRL), which identifies digital certificates that are still within their validity period but have been revoked, so that they are treated as invalid.

e. trusted-ca load //Load the trusted certificate authority file. An SSL policy can load up to 4 trusted certificate authority files at the same time. By default, no trusted certificate authority file is loaded in the SSL policy.
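
An added example, not part of the original article or any vendor tooling: a Python check that reads saved configuration text and reports SSL policies that fall short of a hardened form. The sample configuration, its file names and the <...> arguments are constructed, and the pass criteria (minimum version tls1.2, at least one CRL, between 1 and 4 trusted-ca files) are this example's assumptions; the TLS1.1 default and the limit of 4 come from the steps above.

```python
import re

# Constructed sample config (not from the original page). File names and the
# <...> arguments after "certificate load" / "trusted-ca load" are placeholders.
SAMPLE_CONFIG = """\
ssl policy legacy-client
 ssl minimum version tls1.0
 crl load pem-crl revoked.crl
#
ssl policy default-server
 certificate load <certificate-arguments>
#
ssl policy hardened-server
 ssl minimum version tls1.2
 crl load pem-crl revoked.crl
 trusted-ca load <ca-arguments>
"""
DEFAULT_MIN = "tls1.1"  # default minimum version stated on the page
MAX_TRUSTED_CA = 4      # per-policy trusted-ca limit stated on the page

def parse_policies(config):
    """Map each policy name to its minimum version and CRL / trusted-ca counts."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if h := re.fullmatch(r"ssl policy (\S+)", line):
            current = policies.setdefault(h.group(1), {"min": DEFAULT_MIN, "crl": 0, "ca": 0})
        elif not raw.startswith(" "):
            current = None  # "#" or a top-level command ends the policy view
        elif current is not None:
            if v := re.fullmatch(r"ssl minimum version (tls1\.[012])", line):
                current["min"] = v.group(1)
            elif line.startswith("crl load "):
                current["crl"] += 1
            elif line.startswith("trusted-ca load "):
                current["ca"] += 1
    return policies

def audit(config):
    """Return (policy, finding) pairs for anything short of the hardened form."""
    findings = []
    for name, p in parse_policies(config).items():
        if p["min"] != "tls1.2":
            findings.append((name, "minimum version " + p["min"]))
        if p["crl"] == 0:
            findings.append((name, "no CRL loaded"))
        if not 1 <= p["ca"] <= MAX_TRUSTED_CA:
            findings.append((name, "trusted-ca files loaded: %d" % p["ca"]))
    return findings
```

A policy that never sets a minimum version is reported at the TLS1.1 default, so an unconfigured policy does not pass silently.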
