Enabling HTTPS
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Apply an SSL server policy to control HTTPS access. | ip https ssl-server-policy policy-name | By default, no SSL server policy is applied. The HTTP service uses a self-signed certificate. If the HTTPS service has been enabled, any changes to the applied SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again. To restore the default, you must disable HTTP and HTTPS, execute the undo ip https ssl-server-policy command, and then enable HTTP and HTTPS again. |
3. Enable the HTTPS service. | ip https enable | By default, HTTPS is disabled. Enabling the HTTPS service triggers the SSL handshake negotiation process. |
4. (Optional.) Apply a certificate-based access control policy to control HTTPS access. | ip https certificate access-control-policy policy-name | By default, no certificate-based access control policy is applied for HTTPS access control. For clients to log in through HTTPS, you must configure the client-verify enable command and a minimum of one permit rule in the applied SSL server policy. For more information about certificate-based access control policies, see the chapter on PKI in Security Configuration Guide. |
5. (Optional.) Specify the HTTPS service port number. | ip https port port-number | The default HTTPS service port number is 443. |
6. (Optional.) Apply an ACL to the HTTPS service. | ip https acl { acl-number \| name acl-name } | N/A |
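
The following added example (not part of the original guide or the vendor's tooling) audits saved configuration text for the optional steps above that were left at their defaults: no SSL server policy (self-signed certificate), no certificate-based access control policy, and no ACL. It assumes the configuration lists the commands exactly as written in the table; the sample configurations, policy names and ACL number are constructed.

```python
import re

# Constructed samples (not from a real device); names and numbers are placeholders.
DEFAULT_CERT_CONFIG = "#\n ip https port 8443\n ip https enable\n#\n"
HARDENED_CONFIG = (
    "#\n ip https ssl-server-policy web-policy\n"
    " ip https certificate access-control-policy web-clients\n"
    " ip https acl 2001\n ip https enable\n#\n"
)

# One pattern per command in the table; assumes the config shows them verbatim.
PATTERNS = {
    "ssl_policy": r"ip https ssl-server-policy (\S+)",
    "cert_acp": r"ip https certificate access-control-policy (\S+)",
    "port": r"ip https port (\d+)",
    "acl": r"ip https acl (?:name )?(\S+)",
}


def parse_https_settings(config_text):
    """Collect the 'ip https ...' settings, starting from the documented defaults."""
    settings = {"enabled": False, "ssl_policy": None, "cert_acp": None,
                "port": "443", "acl": None}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip https enable":
            settings["enabled"] = True
        for key, pattern in PATTERNS.items():
            match = re.fullmatch(pattern, line)
            if match:
                settings[key] = match.group(1)
    return settings


def audit_https(config_text):
    """Return findings for table defaults that were left in place."""
    s = parse_https_settings(config_text)
    if not s["enabled"]:
        return ["HTTPS service is disabled (default)"]
    findings = []
    if s["ssl_policy"] is None:
        findings.append("no SSL server policy applied: self-signed certificate in use")
    if s["cert_acp"] is None:
        findings.append("no certificate-based access control policy applied")
    if s["acl"] is None:
        findings.append("no ACL applied to the HTTPS service")
    return findings
```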