To do… | Use the command… | Remarks | |
|
| Required | |
|
| By default, PKI and SSL are not configured. | |
Configure PKI and SSL related | — | • For more information about PKI, see the | |
features | Security Configuration Guide. | ||
| |||
|
| • For more information about SSL, see the | |
|
| Security Configuration Guide. | |
|
|
| |
|
| Required | |
|
| By default, the HTTPS service is not associated | |
|
| with any SSL server policy. | |
|
| • If you disable the HTTPS service, the system | |
Associate the HTTPS service | ip https | automatically | |
service from the SSL service policy. Before | |||
with an SSL server policy | |||
|
| the HTTPS service with an SSL server policy | |
|
| first. | |
|
| • Any changes to the SSL server policy | |
|
| associated with the HTTP service that is | |
|
| enabled do not take effect. | |
|
|
| |
|
| Required | |
|
| Disabled by default. | |
|
| Enabling the HTTPS service triggers an SSL | |
|
| handshake negotiation process. During the | |
|
| process, if the local certificate of the device | |
|
| exists, the SSL negotiation succeeds, and the | |
Enable the HTTPS service | ip https enable | HTTPS service can be started normally. If no | |
local certificate exists, a certificate application | |||
|
| ||
|
| process will be triggered by the SSL | |
|
| negotiation. Because the application process | |
|
| takes much time, the SSL negotiation often fails | |
|
| and the HTTPS service cannot be started | |
|
| normally. In that case, you need to execute the | |
|
| ip https enable command multiple times to | |
|
| start the HTTPS service. | |
|
|
|
68