The peer ssl-server certificate command enables SSL/TLS authentication on an SSL server.
The peer ssl-server certificate disable command disables SSL/TLS authentication on an SSL server.
The undo peer ssl-server certificate command cancels SSL/TLS authentication on an SSL server.
The undo peer ssl-server certificate disable command restores the default configuration and takes effect only if the peer ssl-server certificate disable command has been run.
By default, SSL/TLS authentication is disabled on an SSL server.
Parameter | Description | Value |
---|---|---|
ipv4-address | Specifies the IPv4 address of a BGP peer. | The value is in dotted decimal notation. |
ipv6-address | Specifies the IPv6 address of a peer. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
disable | Disables SSL/TLS authentication on an SSL server. | - |
Usage Scenario
The Secure Sockets Layer (SSL) protocol protects data privacy on the Internet by preventing attackers from eavesdropping on data exchanged between a client and a server. The Transport Layer Security (TLS) protocol is an SSL successor and ensures data integrity and privacy. To enable SSL/TLS authentication on an SSL server, run the peer ssl-server certificate command. BGP messages are then encrypted to ensure data transmission security on the network.
Prerequisites
A BGP peer relationship has been established using the peer as-number command.
Precautions
SSL/TLS authentication can be enabled only on servers.
The SSL/TLS authentication configuration for a peer takes precedence over that for a peer group to which the peer belongs. SSL/TLS authentication takes effect only when SSL client and server roles are specified, SSL policies are applied to the client and server, and SSL/TLS authentication is enabled on the server (SSL/TLS authentication is not required on the client).
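The conditions in the precautions above can be checked per session before relying on the encryption. The following is an added example, not part of the original command reference or the vendor's tooling: it models the peer-over-group precedence and the four effect conditions in Python. The `Session` fields and the sample inventory are hypothetical, and it assumes a peer with no peer-level setting inherits its peer group's setting.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Session:
    """One BGP session, seen from both ends. Field names are hypothetical."""
    peer: str
    server_role_set: bool
    client_role_set: bool
    server_policy_applied: bool
    client_policy_applied: bool
    # Server-side setting: True = enabled, False = "disable" form, None = not configured.
    peer_auth: Optional[bool] = None
    group_auth: Optional[bool] = None

def server_auth_enabled(s: Session) -> bool:
    # Peer-level configuration takes precedence over the peer group.
    if s.peer_auth is not None:
        return s.peer_auth
    # Assumption: an unconfigured peer inherits its group's setting.
    if s.group_auth is not None:
        return s.group_auth
    return False  # default: SSL/TLS authentication is disabled

def audit(s: Session) -> List[str]:
    """Return the unmet conditions; an empty list means authentication is in effect."""
    checks = [
        (s.server_role_set, "server role not specified"),
        (s.client_role_set, "client role not specified"),
        (s.server_policy_applied, "SSL policy not applied on server"),
        (s.client_policy_applied, "SSL policy not applied on client"),
        (server_auth_enabled(s), "SSL/TLS authentication not enabled on server"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed sample inventory (documentation address ranges).
SAMPLE = [
    Session("192.0.2.1", True, True, True, True, peer_auth=None, group_auth=True),
    Session("192.0.2.2", True, True, True, True, peer_auth=False, group_auth=True),
    Session("2001:db8::1", True, True, True, False, peer_auth=True),
]

def report(sessions: List[Session]) -> dict:
    return {s.peer: audit(s) for s in sessions}

if __name__ == "__main__":
    for peer, gaps in report(SAMPLE).items():
        print(peer, "OK" if not gaps else "; ".join(gaps))
```

The second sample peer shows why the disable form matters: its peer group enables authentication, but the peer-level disable wins, so the session is reported as not authenticated.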