1-3Configuring an SSL Server PolicyAn SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL serverpolicy takes effect only after it is associated with an application layer protocol, HTTP protocol, forexample.Configuration PrerequisitesWhen configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining theserver side certificate. Therefore, before configuring an SSL server policy, you must configure a PKIdomain. For details about PKI domain configuration, refer to PKI Configuration in the Security Volume.Configuration ProcedureFollow these steps to configure an SSL server policy:To do... Use the command... RemarksEnter system view system-view —Create an SSL server policy andenter its view ssl server-policy policy-name RequiredSpecify a PKI domain for the SSLserver policy pki-domain domain-nameRequiredBy default, no PKI domain isspecified for an SSL server policy.Specify the cipher suite(s) for theSSL server policy to supportciphersuite[ rsa_aes_128_cbc_sha |rsa_des_cbc_sha |rsa_rc4_128_md5 |rsa_rc4_128_sha ] *OptionalBy default, an SSL server policysupports all cipher suites.Set the handshake timeout time forthe SSL server handshake timeout time Optional3,600 seconds by defaultConfigure the SSL connectionclose mode close-mode wait OptionalNot wait by defaultSet the maximum number ofcached sessions and the cachingtimeout timesession { cachesize size |timeout time } *OptionalThe defaults are as follows:500 for the maximum number ofcached sessions,3600 seconds for the cachingtimeout time.Enable certificate-based SSL clientauthentication client-verify enable OptionalNot enabled by default