< Home

server-side ca-certificate

Function

The server-side ca-certificate command configures a CA certificate used when the FW functions as a trusted access proxy client.

The undo server-side ca-certificate command cancels the CA certificate configuration when the FW functions as a trusted access proxy client.

Format

server-side ca-certificate <ca-certificate-name>

undo server-side ca-certificate

Parameters

Parameter Description Value

ca-certificate-name

Indicates the certificate name.

-

Views

SSL offloading profile view

Default Level

2: Configuration level

Usage Guidelines

In trusted access proxy scenarios, after the server-side encryption enable command is run to configure encrypted connections to real servers, you can run the server-side ca-certificate command to configure the FW to verify the CA certificate of the internal server when the FW accesses applications on an internal server through HTTPS. If no CA certificate is specified, the internal server certificate is not verified.

By default, no CA certificate is specified.

The FW supports this command only after the trusted access proxy component package is loaded. For details about the component package, see Dynamic Loading.

Example

# Configure the server CA certificate cert1 on the client.

<sysname> system-view
[sysname] slb
[sysname-slb] ssl-profile test
[sysname-slb-ssl-profile-0] server-side encryption enable
[sysname-slb-ssl-profile-0] server-side ca-certificate cert1
Parent Topic: SLB Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >