The peer ssl-server certificate command enables SSL/TLS authentication on an SSL server.
The undo peer ssl-server certificate command cancels SSL/TLS authentication on an SSL server.
By default, SSL/TLS authentication is disabled on an SSL server.
Usage Scenario
The Secure Sockets Layer (SSL) protocol protects data privacy on the Internet by preventing attackers from eavesdropping on data exchanged between a client and a server. The Transport Layer Security (TLS) protocol is the successor to SSL and ensures data integrity and privacy. To enable SSL/TLS authentication on an SSL server, run the peer ssl-server certificate command. BGP messages are then encrypted, which secures data transmission on the network.
Prerequisites
A BGP peer relationship has been established using the peer as-number command.
Precautions
SSL/TLS authentication can be enabled only on servers.
The SSL/TLS authentication configuration for a peer takes precedence over that for the peer group to which the peer belongs. SSL/TLS authentication takes effect only when all of the following conditions are met: SSL client and server roles are specified, SSL policies are applied to both the client and the server, and SSL/TLS authentication is enabled on the server. SSL/TLS authentication does not need to be enabled on the client.
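The precedence rule and the conditions above can be checked offline during a configuration audit. The following Python sketch is an added example, not vendor code: it models each side's settings as plain values (the SslSettings fields, function names and sample values are constructed for illustration), and it assumes that the role and policy settings inherit from the peer group in the same way as the authentication setting and that a peer-level "off" is represented as False.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SslSettings:
    """SSL-related BGP settings at one level (peer or peer group).
    None means "not configured at this level" (modelling assumption)."""
    role: Optional[str] = None          # "client" or "server"
    policy: Optional[str] = None        # name of the applied SSL policy
    server_auth: Optional[bool] = None  # state of peer ssl-server certificate


def _pick(peer_value, group_value):
    # A value set on the peer wins; the group value is only a fallback.
    return peer_value if peer_value is not None else group_value


def effective(peer: SslSettings, group: Optional[SslSettings]) -> SslSettings:
    """Resolve peer-over-group precedence into the settings actually in force."""
    g = group or SslSettings()
    return SslSettings(_pick(peer.role, g.role),
                       _pick(peer.policy, g.policy),
                       _pick(peer.server_auth, g.server_auth))


def audit_session(client: SslSettings, server: SslSettings) -> List[str]:
    """Return the reasons SSL/TLS authentication does not take effect.
    An empty list means every condition is met. The client's server_auth
    value is deliberately ignored: it is not required on the client."""
    problems = []
    if client.role != "client":
        problems.append("client role not specified on the client side")
    if server.role != "server":
        problems.append("server role not specified on the server side")
    if not client.policy:
        problems.append("no SSL policy applied on the client")
    if not server.policy:
        problems.append("no SSL policy applied on the server")
    if not server.server_auth:
        problems.append("SSL/TLS authentication not enabled on the server")
    return problems


# Constructed sample: the group enables authentication, but one peer overrides it.
GROUP = SslSettings(role="server", policy="bgp-ssl", server_auth=True)
CLIENT = SslSettings(role="client", policy="bgp-ssl")

if __name__ == "__main__":
    for name, peer in [("inherits", SslSettings()), ("override", SslSettings(server_auth=False))]:
        print(name, audit_session(CLIENT, effective(peer, GROUP)) or "takes effect")
```

The peer that overrides the group setting is the case worth auditing for: the group-level configuration looks correct, yet the session to that peer runs without SSL/TLS authentication.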