Welcome to IE-LAB!

Exam Dumps
Search
Generic filters
CISCO
Search
Generic filters
CISCO

HCIE network engineers must know:SSL configuration

HCIE network engineers must know:SSL configuration

SSL uses data encryption, identity verification, and message integrity verification mechanisms to ensure the security of TCP reliable connections.

The specific configuration process is as follows:

1. For the client:

a. ssl policy policy-name //Enter the SSL policy view and configure the SSL policy

b. ssl minimum version {tls1.0 | tls1.1 | tls1.2}

// Specify the minimum version used by the current SSL policy, the minimum version used by the default SSL policy is TLS1.1

c. certificate load

//When the server wants to authenticate the client, load the digital certificate.

d. crl load {pem-crl | asn1-crl} crl-filename

//Load digital certificate revocation certificate to revoke all invalid digital certificates that are within the validity period but have been revoked

e. Execute the trusted-ca load //load trusted certificate authority file. An SSL policy can load up to 4 trusted certificate authority files at the same time. By default, no trusted certificate authority is loaded in the SSL policy

2. For the server:

a. ssl policy policy-name //Enter the SSL policy view and configure the SSL policy

b. ssl minimum version {tls1.0 | tls1.1 | tls1.2}

// Specify the minimum version used by the current SSL policy, the minimum version used by the default SSL policy is TLS1.1

c. crl load {pem-crl | asn1-crl} crl-filename

//Load digital certificate revocation certificate to revoke all invalid digital certificates that are within the validity period but have been revoked

d. crl load {pem-crl | asn1-crl} crl-filename

//Load digital certificate revocation certificate to revoke all invalid digital certificates that are within the validity period but have been revoked

e. Execute the trusted-ca load //load trusted certificate authority file. An SSL policy can load up to 4 trusted certificate authority files at the same time. By default, no trusted certificate authority is loaded in the SSL policy.

error: Content is protected !!
× How can I help you?