The server-certificate command configures the server certificate of an SSL uninstallation profile.
| Parameter | Description | Value |
|---|---|---|
| server-certificate-name | Specifies the name of the server certificate. | The specified server certificate name must already exist. |
For SSL uninstallation, FW serves as the SSL server. Therefore, the original SSL server certificate must be imported to the FW.
Import an SSL server certificate to the CF card first and then to the memory. Run the server-certificate command to associate the SSL certificate with the SSL uninstallation profile. After association, the server certificate is used during the SSL handshake, and this server certificate cannot be deleted.
If SSL offloading is performed on the firewall and the local certificate of the server is issued by a multi-level CA, you need to import both the local certificate and the multi-level CA certificate to the firewall. After the local certificate is referenced, the firewall sends the local certificate and CA certificate chain to the client. The client uses the complete CA certificate chain to verify the validity of the local certificate. Otherwise, a certificate security alarm or connection failure may occur during SSL handshake due to the lack of a complete certificate chain.