1-4To do... Use the command... Remarksnumber of cached sessions,z 3600 seconds for thecaching timeout time.Enable certificate-based SSLclient authentication client-verify enable OptionalNot enabled by defaultz If you enable client authentication here, you must request a local certificate for the client.z Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clientsrunning SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a clientrunning SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carriedin the packet that the client sends to the server), the server will notify the client to use SSL 3.0 orTLS 1.0 to communicate with the server.SSL Server Policy Configuration ExampleNetwork requirementsAs shown in Figure 1-3, users can access and control Device through Web pages. For security of thedevice, it is required that users use HTTPS (HTTP Security, which uses SSL) to log in to the Webinterface of the device and use SSL for identity authentication to ensure that data will not beeavesdropped or tampered with.To achieve the goal, perform the following configurations:z Configure Device to work as the HTTPS server and request a certificate for Device.z Request a certificate for Host so that Device can authenticate the identity of Host.z Configure a CA server to issue certificates to Device and Host.z In this example, Windows Server works as the CA server and the Simple Certificate EnrollmentProtocol (SCEP) plug-in is installed on the CA server.z Before performing the following configurations, ensure that Device, Host, and the CA server canreach each other.