No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

S7700 and S9700 V200R011C10

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of Web System Login

Overview of Web System Login

Definition

Web systems are used to manage devices. Before using a web system to manage a device, users need to log in to the system using the device's internal web server.

Purpose

You can manage a device using a web system or a command line interface (CLI). On a CLI, you must use commands to manage and maintain the device. The CLI method allows you to implement fine-grained device management, but you must familiarize yourself with required commands. The web system is easy to operate and allows you to manage and maintain the device on a GUI. However, the web system provides only basic routine maintenance and management functions. You can select a proper management method based on actual needs.

To use the CLI, you must log in to the device through a console port or using Telnet or STelnet. To use the web system, you must log in to the device through HTTPS.

For details on how to log in to a device through the console port or using Telnet or STelnet, see CLI Login Configuration.

Concepts

Before configuring web system login, familiarize yourself with the following concepts:
  • HTTP

    Hypertext Transfer Protocol (HTTP) is used to transfer web page files over the Internet. It runs at the application layer of the TCP/IP protocol stack. The transport layer uses the connection-oriented TCP protocol. Due to the security vulnerability of HTTP, devices only allow you to log in to the web system through the more secure Hypertext Transfer Protocol Secure (HTTPS).

  • HTTPS

    HTTPS uses secure sockets layer (SSL) to encrypt data exchanged between the client and device and defines access control policies based on certificate attributes. HTTPS enhances data integrity and transmission security, ensuring only authorized clients can log in to the device.

  • SSL policy

    An SSL policy defines parameters that the device uses during startup, and is implemented during configuration of HTTPS. During configuration, the corresponding digital certificate on the device is loaded. The SSL policy takes effect only after it is applied to application layer protocols, such as HTTP.

  • Digital certificate

    A digital certificate is issued by a certificate authority (CA) and uses a digital signature to bind a public key with an identity (applicant who possesses the certificate). The digital certificate includes information such as the applicant name, public key, digital signature of the CA, and validity period of the digital certificate. A digital certificate validates the identities of two communicating parties to improve communication reliability.

  • Certificate Authority (CA)

    A CA issues, manages, and revokes digital certificates by checking the validity of digital certificate owners, issuing digital certificates to prevent eavesdropping and tampering, and managing keys. A worldwide trusted CA is called a root CA. The root CA can authorize other CAs as subordinate. CA identity needs to be verified and is described in a trusted-CA file.

    For example, if CA1 is the root CA and issues a certificate for CA2, CA2 then issues a certificate for CA3. This process continues until the final server certificate is issued.

    Assume that CA3 issues the server certificate. A certificate authentication process on the client starts from server certificate authentication:
    • The client first verifies validity of the server certificate based on the CA3 certificate.
    • The client then checks CA2 certificate to verify validity of the CA3 certificate.
    • The client then checks CA1 certificate to verify validity of the CA2 certificate.
    • The server certificate passes the authentication only when the CA2 certificate is verified valid by the CA1 certificate.

    Figure 2-1 shows the certificate issuing and authentication processes.

    Figure 2-1  Certificate issuing and authentication
  • Certificate Revocation List (CRL)

    A CRL is issued by a CA and specifies a list of certificates that have been revoked. It should not be strongly relied upon.

    Each digital certificate has a limited lifetime and a CA can revoke a digital certificate to shorten its lifetime. The validity period of a certificate specified in the CRL is shorter than the original validity period of the certificate. If a CA revokes a digital certificate, the key pair defined in the certificate can no longer be used even if the digital certificate does not expire. When a certificate expires, it is deleted from the CRL to shorten it.

You can load the CRL and a certificate (trust certificate) with a higher level than the digital certificate on your PC. If not loaded, you are prompted to trust the server when establishing a connection with a web server. Once the connection is established successfully, the PC cannot immediately verify the digital certificate on the server. However, the confidentiality of data transmitted between the PC and server is ensured. To ensure that you are connecting to a valid web server, you can load a trust certificate and CRL on the PC. For details on how to load trust certificates, refer to the help information in the operating system.
Translation
Download
Updated: 2019-10-17

Document ID: EDOC1000178323

Views: 83465

Downloads: 112

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next