The client ssl-policy command configures an SSL policy for an HTTP client.
The undo client ssl-policy command deletes the SSL policy on an HTTP client.
By default, no SSL policy is configured on an HTTP client.
Usage Scenario
Legacy HTTP does not have any security mechanism. It transmits data in simple text and does not verify the identities of communicating parties. Therefore, data transmitted over HTTP may be tampered with. In applications that require high security, such as e-commerce and online banking, HTTP is inapplicable. To enhance security, run the client ssl-policy command to configure an SSL policy for an HTTP client.
Prerequisites
Configuration Impact
HTTP security is enhanced with the SSL security mechanisms, such as data encryption, identity verification, and message integrity check.
Precautions
An HTTP client can only have one SSL policy configured. If the client ssl-policy command is run more than once, the latest configuration overrides the previous one.
<HUAWEI> system-view [~HUAWEI] ssl policy policy1 [*HUAWEI-ssl-policy-policy1] certificate load pem-cert a_servercertchain2_pem_dsa.pem key-pair dsa key-file a_serverkeychain2_pem_dsa.pem auth-code cipher 123456 [*HUAWEI-ssl-policy-policy1] commit [~HUAWEI-ssl-policy-policy1] quit [~HUAWEI] http [*HUAWEI-http] client ssl-policy policy1