The web-manager security verify-ssl-peer command enables bidirectional certificate authentication between the FW and client.
The undo web-manager security verify-ssl-peer command disables bidirectional certificate authentication between the FW and client.
By default, bidirectional certificate authentication is disabled; unidirectional certificate authentication is implemented between the FW and client. Specifically, the client authenticates the certificate of the FW, and the FW does not authenticate the certificate of the client.
After the web-manager security verify-ssl-peer command is run, when you log in to the FW using HTTPS, the client sends its client certificate to the FW and the FW uses the CA certificate to authenticate the client certificate. The FW displays the login page only when the authentication succeeds.
Before running the web-manager security verify-ssl-peer command, apply for a CA certificate, upload it to the FW storage, and import it into memory. For details, see the pki import-certificate command. In addition, import the client certificate into the client browser.
You also need to run the web-manager security ca-certificate command to configure the FW to use the requested CA certificate to authenticate the client certificate.
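To confirm that bidirectional authentication is actually enforced after the configuration above, the following check connects to the web management port without a client certificate and reports how the server reacts. It is an added example, not Huawei code; the function names, verdict strings and the 192.0.2.1 address are assumptions made for illustration.

```python
import socket
import ssl

# TLS alerts that a server sends when a required client certificate is absent.
CERT_ALERTS = ("CERTIFICATE_REQUIRED", "BAD_CERTIFICATE")

def classify(exc=None, response=b""):
    """Turn the outcome of a certificate-less HTTPS request into a verdict."""
    if isinstance(exc, ssl.SSLError):
        text = str(exc).upper()
        if any(alert in text for alert in CERT_ALERTS):
            return "enforced"
        # TLS 1.2 stacks often answer a missing client certificate with
        # handshake_failure, but so do cipher or version mismatches.
        return "likely-enforced" if "HANDSHAKE_FAILURE" in text else "inconclusive"
    if isinstance(exc, (ConnectionResetError, socket.timeout)):
        return "inconclusive"
    if isinstance(exc, OSError):
        return "unreachable"
    # An HTTP reply means the TLS layer accepted a client with no certificate.
    return "not-enforced" if response.startswith(b"HTTP/") else "inconclusive"

def probe(host, port=443, timeout=5.0):
    """Connect WITHOUT a client certificate and report what the server does."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # server identity is not what this check tests
    request = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # With TLS 1.3 the rejection alert arrives after the handshake,
                # so the request/response round trip is part of the check.
                tls.sendall(request)
                return classify(response=tls.recv(64))
    except OSError as exc:
        return classify(exc=exc)

if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder; use the FW management address.
    print(probe("192.0.2.1", 443))
```

A verdict of not-enforced means the FW still served HTTP to a client that presented no certificate, which matches the default unidirectional mode.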