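Example for Configuring a Device as an HTTP Client to Log In to Another Device
In this example, the HTTP client logs in to the HTTP server to download a certificate from the server.
Networking Requirements
When an HTTP client needs to download a certificate from an HTTP server, it can use HTTP. As shown in Figure 6-30, the device acting as the HTTP client and the HTTP server have reachable routes to each other, and a user can log in to the HTTP server from the HTTP client to download a certificate from the server to the client.
The HTTP server supports SSL policies. To improve the security of data transmission, you are advised to configure an SSL policy on the HTTP client.
Procedure
- Configure an SSL policy on the HTTP client.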
<HUAWEI> system-view
[~HUAWEI] ssl policy policy1
[*HUAWEI-ssl-policy-policy1] certificate load pem-cert a_servercertchain2_pem_dsa.pem key-pair dsa key-file a_serverkeychain2_pem_dsa.pem auth-code cipher 123456
[*HUAWEI-ssl-policy-policy1] trusted-ca load pem-ca a_rootcertchain2_pem_dsa.pem
[*HUAWEI-ssl-policy-policy1] commit
[~HUAWEI-ssl-policy-policy1] quit
- Configure the HTTP client.
[~HUAWEI] http
[*HUAWEI-http] client ssl-policy policy1
[*HUAWEI-http] client ssl-verify peer
[*HUAWEI-http] commit
[~HUAWEI-http] quit
- Check whether the HTTP client is configured successfully.
[~HUAWEI] display ssl policy
SSL Policy Name: policy1
Policy Applicants: HTTP-CLIENT
Key-pair Type: DSA
Certificate File Type: PEM
Certificate Type: certificate
Certificate Filename: a_servercertchain2_pem_dsa.pem
Key-file Filename: a_serverkeychain2_pem_dsa.pem
Auth-code: ******
MAC:
Issuer name: HUAWEI
Validity Not Before: 2008-07-04 06:30:11Z
Validity Not After: 2018-07-02 06:30:11Z
CRL File:
Trusted-CA File:
Trusted-CA File 1: Format = PEM, Filename = a_rootcertchain2_pem_dsa.pem
Configuration Files
Configuration file of the HTTP client
#
ssl policy policy1
 certificate load pem-cert a_servercertchain2_pem_dsa.pem key-pair dsa key-file a_serverkeychain2_pem_dsa.pem auth-code cipher %^%#<`c/:cbTs/'sK\S+ct)8ia_d!Ukn|&7pOM!5|dT6%^%#
 trusted-ca load pem-ca a_rootcertchain2_pem_dsa.pem
#
http
 client ssl-policy policy1
 client ssl-verify peer
#
return
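
The verification step above can be scripted. The following Python check is an added example, not part of the original documentation: it parses display ssl policy output and the HTTP client configuration, using the field names and commands shown on this page, and reports what would stop the client from verifying the server. The function names are hypothetical, and the output is assumed to describe a single policy.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: fields copied from the display output and
# configuration file on this page.
DISPLAY = """\
SSL Policy Name: policy1
Policy Applicants: HTTP-CLIENT
Validity Not Before: 2008-07-04 06:30:11Z
Validity Not After: 2018-07-02 06:30:11Z
Trusted-CA File:
Trusted-CA File 1: Format = PEM, Filename = a_rootcertchain2_pem_dsa.pem
"""
CONFIG = "#\nhttp\n client ssl-policy policy1\n client ssl-verify peer\n#\nreturn\n"
TIME_FMT = "%Y-%m-%d %H:%M:%SZ"

def parse_display(text):
    """Split 'Field: value' lines into a dict; values may be empty."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def parse_time(value):
    """Parse a validity timestamp as shown in the display output (UTC)."""
    return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)

def audit(display, config, now):
    """Return a list of findings; an empty list means every check passed."""
    f, findings = parse_display(display), []
    name = re.escape(f.get("SSL Policy Name", ""))
    if "HTTP-CLIENT" not in f.get("Policy Applicants", ""):
        findings.append("policy not applied to HTTP client")
    # Numbered entries ("Trusted-CA File 1") carry the loaded CA files.
    if not any(k.startswith("Trusted-CA File ") and v for k, v in f.items()):
        findings.append("no trusted CA loaded")
    try:
        start = parse_time(f["Validity Not Before"])
        end = parse_time(f["Validity Not After"])
        if not start <= now <= end:
            findings.append("certificate outside validity period")
    except (KeyError, ValueError):
        findings.append("validity period missing or unparsable")
    if not name or not re.search(rf"^\s*client ssl-policy {name}\s*$", config, re.M):
        findings.append("HTTP client not bound to this SSL policy")
    if not re.search(r"^\s*client ssl-verify peer\s*$", config, re.M):
        findings.append("peer certificate verification not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(DISPLAY, CONFIG, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

Run against the sample values on this page at the current date, the check reports the certificate as outside its validity period, because the Validity Not After field is 2018-07-02.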