
ssl policy

Function

The ssl policy command creates an SSL policy and displays the SSL policy view. If the SSL policy has been created before you run this command, the command directly displays the SSL policy view.

The undo ssl policy command deletes an SSL policy.

By default, no SSL policy is created.

Format

ssl policy policy-name

undo ssl policy policy-name

Parameters

Parameter: policy-name

Description: Specifies the name of an SSL policy.

Value: The value is a string of 1 to 23 case-insensitive characters without spaces. The value can contain digits, letters, and underscores (_).

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Traditional FTP and HTTP protocols do not have a security mechanism. Data is transmitted in plain text and can be modified. User identity cannot be authenticated and data security cannot be ensured. An SSL policy uses data encryption, user identity authentication, and message integrity checks to secure TCP-based application-layer protocols.

Follow-up Procedure

After you have run the ssl policy command to display the SSL policy view, perform either of the following operations:
  • When the device functions as a server, run the certificate load command to load the certificate or certificate chain.
  • When the device functions as a client, run the trusted-ca load and crl load commands to load the trusted CA and CRL so that the server validity can be authenticated.

Precautions

  • You can run the ssl policy command to create an SSL policy for the secure FTP and HTTP servers.

  • A maximum of four SSL policies can be created.
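The naming rules under Parameters and the four-policy limit above can be checked before a change is pushed to the device. The following pre-check is an added example, not Huawei code: the function name, its inputs, and the sample names are constructed, and it assumes "case-insensitive" means that names differing only in case refer to the same policy.

```python
import re

# Limits taken from the Parameters and Precautions sections of this page.
MAX_NAME_LEN = 23
MAX_POLICIES = 4
NAME_RE = re.compile(r"[A-Za-z0-9_]+")  # ASCII digits, letters, underscore


def check_policy_names(planned, existing=()):
    """Return (commands, findings) for planned SSL policy names.

    existing: names already on the device (hypothetical input, e.g. taken
    from a configuration backup). Only names that pass every check are
    turned into "ssl policy <name>" lines.
    """
    commands, findings = [], []
    # Assumption: names differing only in case are the same policy.
    seen = {name.lower() for name in existing}
    for name in planned:
        if not 1 <= len(name) <= MAX_NAME_LEN:
            findings.append(f"{name!r}: length {len(name)} not in 1..{MAX_NAME_LEN}")
        elif not NAME_RE.fullmatch(name):
            findings.append(f"{name!r}: only digits, letters and '_' are allowed")
        elif name.lower() in seen:
            # The command would open the existing policy view, not create one.
            findings.append(f"{name!r}: policy already exists (case-insensitive)")
        elif len(seen) >= MAX_POLICIES:
            findings.append(f"{name!r}: exceeds the limit of {MAX_POLICIES} policies")
        else:
            seen.add(name.lower())
            commands.append(f"ssl policy {name}")
    return commands, findings


if __name__ == "__main__":
    # Constructed sample input.
    planned = ["https_der", "HTTPS_DER", "ftp-server", "a" * 24,
               "ftps_1", "mgmt_tls", "web_2", "extra_5"]
    commands, findings = check_policy_names(planned)
    print("\n".join(commands))
    print("\n".join(findings))
```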

Example

# Create SSL policy https_der and display the SSL policy view.

<HUAWEI> system-view
[HUAWEI] ssl policy https_der
[HUAWEI-ssl-policy-https_der]
Copyright © Huawei Technologies Co., Ltd.