| Parameter | Description | Value |
|---|---|---|
| policy-name | Displays the configuration of a specific SSL policy. If the SSL policy name is not specified, configurations of all SSL policies are displayed. |
The value is a string of 1 to 23 case-insensitive characters without spaces. The value can contain digits, letters, and underscores (_). |
You can run the display ssl policy command to display the SSL policy configuration when the device functions as a server or client.
After an SSL policy and its certificates are loaded and configured, you can run this command to obtain information such as the SSL policy name, service applications supported by the SSL policy, certificate name, and certificate type so that you can determine whether the existing SSL policy and certificates are available.
# Display the configuration of SSL policy ftp_server.
<HUAWEI> display ssl policy ftp_server SSL Policy Name: ftp_server Policy Applicants: Key-pair Type: DSA Certificate File Type: ASN1 Certificate Type: certificate Certificate Filename: servercert.der Key-file Filename: serverkey.der Auth-code: MAC: CRL File: Trusted-CA File: Issuer Name: Validity Not Before: Validity Not After:
# Display the configuration of SSL policy ftp_client.
<HUAWEI> display ssl policy ftp_client
SSL Policy Name: ftp_client
Policy Applicants:
Key-pair Type: RSA
Certificate File Type: ASN1
Certificate Type: certificate
Certificate Filename: servercert.der
Key-file Filename: serverkey.der
Auth-code:
MAC:
CRL File:
Trusted-CA File:
Issuer Name:
Validity Not Before:
Validity Not After:
Item |
Description |
|---|---|
SSL Policy Name |
SSL policy name. You can run the ssl policy command to configure the SSL policy name. |
Policy Applicants |
Service using SSL policies. Currently, SSL policies are supported in HTTP, FTP and Syslog services. |
Key-pair Type |
Type of a key pair.
You can run the certificate load command to configure the type of a key pair. |
Certificate File Type |
Certificate format. This parameter is mandatory when the
device functions as a server.
You can run the certificate load command to configure the certificate format. |
Certificate Type |
Certificate type. This parameter is mandatory when the device
functions as a server.
You can run the certificate load command to configure the certificate type. |
Certificate Filename |
Certificate name. This parameter is mandatory when the device functions as a server. You can run the certificate load command to configure the certificate name. |
Key-file Filename |
Key pair file name. This parameter is mandatory when the device functions as a server. You can run the certificate load command to configure the key pair file name. |
Auth-code |
Authentication code of a key file. You can run the certificate load command to configure the authentication code of a key file. If an ASN1 certificate is loaded, the authentication code is unavailable. |
MAC |
Message authentication code. The message authentication code is required only when you load PFX digital certificates. You can run the certificate load command to configure the message authentication code. |
CRL File |
CRL file. You are advised to configure the CRL file for a client. You can run the crl load command to configure the CRL file. |
Trusted-CA File |
File of a trusted CA. This parameter is mandatory when the device functions as a client.
You can run the trusted-ca load command to configure the file of a trusted CA. |
Issuer Name |
Issuer name. |
Validity Not Before |
Time when validity starts. |
Validity Not After |
Time when validity ends. |