ssl policy

Function

The ssl policy command creates an SSL policy and displays the Secure Sockets Layer (SSL) policy view. If the SSL policy to be created already exists, running this command presents you the view of the SSL policy.

The undo ssl policy command deletes an SSL policy.

By default, no SSL policies are created.

Format

ssl policy policy-name

undo ssl policy policy-name

Parameters

Parameter	Description	Value
policy-name	Specifies the name of an SSL policy.	The value is a string of 1 to 23 case-insensitive characters, spaces not supported.

Views

System view

Default Level

3: Management level

Usage Guidelines

Applicable Environment

Traditional FTP and HTTP do not have security mechanisms. They transmit data in plain text, cannot authenticate communicating devices or prevent transmitted data from being tampered with, which exposes data transmission to security threats. SSL provides data encryption, authentication, and a message integrity check for security of application layer protocols based on reliable TCP connections.

Configuration Impact

An SSL policy is created when the ssl policy command is used for the first time. The SSL policy is a mechanism for SSL message transmission.

Follow-up Procedure

After entering the SSL policy view, you can perform the following configurations:

Run the certificate load command to load a certificate or a certificate chain.
Run the crl load command to load a CRL.
Run the trusted-ca load command to load a trusted-CA file.

Precautions

A maximum of four SSL policies can be configured.

Example

# Create an SSL policy named ftps_der and enter the view of the SSL policy.

<sysname> system-view
[sysname] ssl policy ftps_der
[sysname-ssl-policy-ftps_der]