Example for Configuring HTTP for Device Login

This section provides an example for configuring HTTP for device login, so that you can log in to an HTTP server from an HTTP client to download the desired certificate.

Networking Requirements

To enable an HTTP client to download a certificate from an HTTP server, use HTTP. On the network shown in Figure 1, the route between the device functioning as an HTTP client and the HTTP server is reachable. You can log in to the HTTP server from the HTTP client to download a certificate from the server.

The server supports SSL policies. To improve data transmission security, configure an SSL policy on the HTTP client.

Figure 1 Device login using HTTP

Configuration Roadmap

The configuration roadmap is as follows:

Configure an SSL policy on the HTTP client.
Configure the HTTP client.

Data Preparation

To complete the configuration, you need the following data:

SSL policy name policy1 to used configured on the HTTP client

Procedure

Configure an SSL policy on the HTTP client.

<HUAWEI> system-view
[~HUAWEI] ssl-policy policy1
[*HUAWEI-ssl-policy-policy1] certificate load pem-cert a_servercertchain2_pem_dsa.pem key-pair dsa key-file a_serverkeychain2_pem_dsa.pem auth-code cipher 123456
[*HUAWEI-ssl-policy-policy1] trusted-ca load pem-ca a_rootcertchain2_pem_dsa.pem
[*HUAWEI-ssl-policy-policy1] commit
[~HUAWEI-ssl-policy-policy1] quit

Configure the HTTP client.

[~HUAWEI] http
[*HUAWEI-http] client ssl-policy policy1
[*HUAWEI-http] client ssl-verify peer 
[*HUAWEI-http] commit
[~HUAWEI-http] quit

Check whether the HTTP client is successfully configured.

[~HUAWEI] display ssl policy
       SSL Policy Name: policy1
     Policy Applicants: HTTP-CLIENT 
         Key-pair Type: DSA
 Certificate File Type: PEM
      Certificate Type: certificate
  Certificate Filename: a_servercertchain2_pem_dsa.pem
     Key-file Filename: a_serverkeychain2_pem_dsa.pem
             Auth-code: ******
                   MAC:
           Issuer name: HUAWEI
   Validity Not Before: 2008-07-04 06:30:11Z
    Validity Not After: 2018-07-02 06:30:11Z
              CRL File:
       Trusted-CA File:
     Trusted-CA File 1: Format = PEM, Filename = a_rootcertchain2_pem_dsa.pem

Configuration Files

HTTP client configuration file

#
ssl policy policy1
 certificate load pem-cert a_servercertchain2_pem_dsa.pem key-pair dsa key-file a_serverkeychain2_pem_dsa.pem auth-code cipher %^%#<`c/:cbTs/'sK\S+ct)8ia_d!Ukn|&7pOM!5|dT6%^%#
 trusted-ca load pem-ca a_rootcertchain2_pem_dsa.pem
#
http
 client ssl-policy policy1
 client ssl-verify peer
#
return