Configuring An Ssl Client Policy - HP FlexNetwork 10500 Series Security Configuration Manual

Step
7. Set the maximum number of
sessions that the SSL server
can cache.
8. Enable the SSL server to
authenticate SSL clients
through digital certificates.

Configuring an SSL client policy

An SSL client policy is a set of SSL parameters that the client uses to establish a connection to the
server. An SSL client policy takes effect only after it is associated with an application such as DDNS.
To configure an SSL client policy:
Step
1. Enter system view.
2. (Optional.) Disable SSL
session renegotiation.
3. Create an SSL client policy and
enter its view.
4. (Optional.) Specify a PKI
domain for the SSL client
policy.
Command
session cachesize size
client-verify enable
Command
system-view
ssl renegotiation disable
ssl client-policy policy-name
pki-domain domain-name
237
Remarks
By default, an SSL server can
cache a maximum of 500
sessions.
By default, SSL client
authentication is disabled.
When authenticating a client
by using the digital certificate,
the SSL server verifies the
certificate chain presented by
the client. It also checks that
the certificates in the certificate
chain (except the root CA
certificate) are not revoked.
Remarks
N/A
By default, SSL session
renegotiation is enabled.
By default, no SSL client policies
exist on the device.
By default, no PKI domain is
specified for an SSL client
policy.
If SSL client authentication is
required, you must specify a PKI
domain and request a local
certificate for the SSL client in
the PKI domain.
For information about how to
create and configure a PKI
domain, see "Configuring PKI."