Enabling HTTPS
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Apply an SSL server policy to control HTTPS access. | ip https ssl-server-policy policy-name | By default, no SSL server policy is applied. The HTTP service uses a self-signed certificate. Disabling the HTTPS service removes the SSL service policy application. To enable the HTTPS service again, you must reconfigure this command. If the HTTPS service has been enabled, any changes to the associated SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again. |
3. Enable the HTTPS service. | ip https enable | By default, HTTPS is disabled. Enabling the HTTPS service triggers the SSL handshake negotiation process.
|
4. (Optional.) Apply a certificate-based access control policy to control HTTPS access. | ip https certificate access-control-policy policy-name | By default, no certificate-based access control policy is applied for HTTPS access control. For clients to log in through HTTPS, you must configure the client-verify enable command and a minimum of one permit rule in the associated SSL server policy. For more information about certificate-based access control policies, see the chapter on PKI in Security Configuration Guide. |
5. (Optional.) Specify the HTTPS service port number. | ip https port port-number | The default HTTPS service port number is 443. |
6. (Optional.) Apply a basic ACL for HTTPS access control. | ip https acl { acl-number | name acl-name } | By default, no ACL is applied to the HTTPS service. |