Login
- Table of Contents
-
- 07-Layer 3—IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-HTTP configuration
- 06-IP forwarding basics configuration
- 07-Fast forwarding configuration
- 08-Adjacency table configuration
- 09-IRDP configuration
- 10-IP performance optimization configuration
- 11-UDP helper configuration
- 12-IPv6 basics configuration
- 13-IPv6 neighbor discovery configuration
- 14-DHCPv6 configuration
- 15-IPv6 fast forwarding configuration
- 16-IPv6 transition technologies configuration
- 17-WAAS configuration
- 18-HTTP redirect configuration
- 19-Web caching configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 18-HTTP redirect configuration | 45.69 KB |
Associating an SSL server policy with the HTTPS redirect service
Verifying and maintaining HTTP redirect
Configuring HTTP redirect
About HTTP redirect
HTTP redirect is a method to redirect users' HTTP or HTTPS requests to a specific URL.
Associating an SSL server policy with the HTTPS redirect service
About associating an SSL server policy with the HTTPS redirect service
An SSL server policy is a set of SSL parameters used by the device when the device acts as the SSL server. You can configure parameters such as supported cipher suites and whether to perform digital certificate-based authentication on SSL clients for the SSL server policy.
You can use one of the following local certificates for HTTPS redirect service according to the security and configuration complexity requirements:
· Self-Signed certificate—This type of certificate is simple in configuration but has low security. Default SSL parameters are used and you do not need to create an SSL server policy. However, because the self-signed certificate is not trusted by the browser, when the device redirects HTTPS requests to the specified URL, a certificate security warning prompt might appear on the browser. If you accept the security risks stated in the prompt, you can ignore the prompt to browse the page.
· CA-Signed certificate—This type of certificate is complex in configuration but has high security. You must obtain a CA certificate, configure the device to request a local certificate from the CA, create an SSL server policy, and associate it with the HTTPS redirect service. Thus, the security of HTTPS redirect can be improved.
For more information about digital certificates, see PKI in Security Configuration Guide. For more information about the SSL server policy configuration, see SSL in Security Configuration Guide.
Restrictions and guidelines
HTTPS redirect is unavailable if the associated SSL server policy does not exist. You can first associate a nonexistent SSL server policy with the HTTPS redirect service and then configure the SSL server policy.
If you change the SSL server policy associated with the HTTPS redirect service, the new policy takes effect immediately.
If you perform this task multiple times, the most recent configuration takes effect.
Procedure
1. Enter system view.
system-view
2. Associate an SSL server policy with the HTTPS redirect service.
http-redirect ssl-server-policy policy-name
By default, no SSL server policy is associated with the HTTPS redirect service. The HTTPS redirect service uses the self-assigned certificate and the default SSL parameters.
Verifying and maintaining HTTP redirect
To display packet statistics for HTTP redirect, execute the following command in any view:
display http-redirect statistics [ slot slot-number ]
To clear packet statistics for HTTP redirect, execute the following command in user view:
reset http-redirect statistics [ slot slot-number ]
