Usage Scenario
The Secure Sockets Layer (SSL) protocol protects data privacy on the Internet by preventing attackers from eavesdropping on data exchanged between a client and a server. The Transport Layer Security (TLS) protocol is the successor to SSL and ensures data integrity and privacy. To enable SSL/TLS authentication on an SSL server, run the peer ssl-server certificate command. BGP messages are then encrypted to ensure data transmission security on the network.
Prerequisites
A BGP peer relationship has been established using the peer as-number command.
Precautions
SSL/TLS authentication can be enabled only on servers.
The SSL/TLS authentication configuration for a peer takes precedence over that for a peer group to which the peer belongs.
SSL/TLS authentication takes effect only when all of the following conditions are met: SSL client and server roles are specified, SSL policies are applied to both the client and the server, and SSL/TLS authentication is enabled on the server. SSL/TLS authentication does not need to be enabled on the client.
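
The precedence and take-effect rules above lend themselves to an audit that flags BGP sessions where SSL/TLS looks configured but is not actually in effect. The following Python sketch is an added example, not vendor code: the TlsSettings fields, the per-setting fallback from peer to peer group, the explicit "off" value and the policy name bgp-tls are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class TlsSettings:
    """Hypothetical model of one configuration level; None means not configured here."""
    role: Optional[str] = None               # "client" or "server"
    policy: Optional[str] = None             # name of the applied SSL policy
    server_cert_auth: Optional[bool] = None  # SSL/TLS authentication enabled (server only)

def _pick(peer_value, group_value):
    return peer_value if peer_value is not None else group_value

def effective(peer: TlsSettings, group: Optional[TlsSettings]) -> TlsSettings:
    """Peer-level values win; unset values fall back to the group (assumed per setting)."""
    g = group or TlsSettings()
    return TlsSettings(_pick(peer.role, g.role), _pick(peer.policy, g.policy),
                       _pick(peer.server_cert_auth, g.server_cert_auth))

def audit_session(a: TlsSettings, b: TlsSettings) -> list:
    """Return the unmet conditions for the session between ends a and b (empty = in effect)."""
    problems = []
    if {a.role, b.role} != {"client", "server"}:
        problems.append("roles: one end must be client and the other server")
    for name, end in (("a", a), ("b", b)):
        if not end.policy:
            problems.append(f"policy: no SSL policy applied on end {name}")
    servers = [e for e in (a, b) if e.role == "server"]
    if servers and not all(s.server_cert_auth for s in servers):
        problems.append("server: SSL/TLS authentication is not enabled on the server")
    return problems

# Constructed sample: the peer group enables everything on the server side.
GROUP = TlsSettings(role="server", policy="bgp-tls", server_cert_auth=True)
CLIENT = TlsSettings(role="client", policy="bgp-tls")

def demo():
    return {
        # Peer with no own settings inherits the group: TLS is in effect.
        "inherits": audit_session(effective(TlsSettings(), GROUP), CLIENT),
        # Peer-level setting overrides the group and silently leaves the session unprotected.
        "override": audit_session(effective(TlsSettings(server_cert_auth=False), GROUP), CLIENT),
        # The client end has a role but no SSL policy applied.
        "no_client_policy": audit_session(effective(TlsSettings(), GROUP), TlsSettings(role="client")),
    }

if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, problems or "TLS in effect")
```

An empty result means every condition listed above is met; any other result names the condition that keeps the session from being protected.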