The ssl-policy command enables a client to perform SSL verification on a server.
The undo ssl-verify command disables a client from performing SSL verification on a server.
By default, no SSL policy is configured for a gRPC client.
| Parameter | Description | Value |
|---|---|---|
| ssl-policy-name |
Specifies the name of an SSL policy. |
The value is a string of 1 to 23 case-sensitive characters, spaces not supported. |
| verify-san san |
Specify the subject alternative name of the certificate on the server. |
The value is a string of 1 to 255 case-sensitive characters, spaces not supported. |
Usage Scenario
When you create a gRPC-based static subscription, an insecure TCP connection is set up between the device functioning as a client and the collector functioning as a server. In this case, you can run the ssl-policy command to configure an SSL policy for the client to establish a secure SSL connection with the server.
Prerequisites
Ensure that the SSL policy has been created before you run the ssl-policy command.
Precautions
If the no-tls parameter has been configured by running the ipv4-address port or ipv6-address port command in Destination-group view or protocol command in Subscription view and taken effect, the TLS encryption mode is not used. In this case, the client-specific SSL policy do not take effect.