On the host, run the IE browser, and then enter http://10.1.2.2/certsrv in the address bar and request a certificate for the host as prompted.

3.Verify the configuration:

Enter https://10.1.1.1 in the address bar, and select the certificate issued by new-ca. When the Web login page of the firewall appears, enter the username usera and password 123 to log in to the Web management page.

For more information about PKI configuration commands, SSL configuration commands, and the public-key local create rsa command, see VPN Command Reference and Network Management Command Reference.

Troubleshooting Web browser

Failure to access the device through the Web interface

Symptom

You can ping the device successfully, and log in to the device through Telnet. HTTP is enabled and the operating system and browser version meet the Web interface requirements. However, you cannot access the Web interface of the device.

Analysis

If you use the Microsoft Internet Explorer, you can access the Web interface only when the following functions are enabled: Run ActiveX controls and plug-ins, script ActiveX controls marked safe for scripting and active scripting.

If you use the Mozilla Firefox, you can access the Web interface only when JavaScript is enabled.

Configuring the Internet Explorer settings

1.Open the Internet Explorer, and select Tools > Internet Options.

2.Click the Security tab, and then select a Web content zone to specify its security settings.

60