1-3Configuring an SSL Server PolicyAn SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL serverpolicy takes effect only after it is associated with an application layer protocol, HTTP protocol, forexample.Configuration PrerequisitesWhen configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining theserver side certificate. Therefore, before configuring an SSL server policy, you must configure a PKIdomain. For details about PKI domain configuration, refer to PKI Configuration in the Security Volume.Configuration ProcedureFollow these steps to configure an SSL server policy:To do... Use the command... RemarksEnter system view system-view —Create an SSL server policyand enter its view ssl server-policy policy-name RequiredSpecify a PKI domain for theSSL server policy pki-domain domain-nameRequiredBy default, no PKI domain isspecified for an SSL serverpolicy.Specify the cipher suite(s) forthe SSL server policy tosupportciphersuite[ rsa_aes_128_cbc_sha |rsa_des_cbc_sha |rsa_rc4_128_md5 |rsa_rc4_128_sha ] *OptionalBy default, an SSL serverpolicy supports all ciphersuites.Set the handshake timeout timefor the SSL server handshake timeout time Optional3,600 seconds by defaultConfigure the SSL connectionclose mode close-mode wait OptionalNot wait by defaultSet the maximum number ofcached sessions and thecaching timeout timesession { cachesize size |timeout time } *OptionalThe defaults are as follows:500 for the maximum numberof cached sessions,3600 seconds for the cachingtimeout time.Enable certificate-based SSLclient authentication client-verify enable OptionalNot enabled by default