2-3z After the HTTPS service is enabled, you can use the display ip https command to view the stateof the HTTPS service and verify the configuration.z Enabling of the HTTPS service will trigger an SSL handshake negotiation process. During theprocess, if the local certificate of the device already exists, the SSL negotiation is successfullyperformed, and the HTTPS service can be started normally. If no local certificate exists, acertificate application process will be triggered by the SSL negotiation. Since the applicationprocess takes much time, the SSL negotiation may fail and the HTTPS service cannot be startednormally. Therefore, the ip https enable command must be executed for multiple times to ensurenormal startup of the HTTPS service.Associating the HTTPS Service with a Certificate Attribute AccessControl PolicyAssociating the HTTPS service with a configured certificate access control policy helps control theaccess right of the client, thus providing the device with enhanced security.Follow these steps to associate the HTTPS service with a certificate attribute access control policy:To do… Use the command… RemarksEnter system view system-view —Associate the HTTPS servicewith a certificate attributeaccess control policyip https certificateaccess-control-policypolicy-nameRequiredNot associated by default.z If the ip https certificate access-control-policy command is executed repeatedly, the HTTPSserver is only associated with the last specified certificate attribute access control policy.z If the HTTPS service is associated with a certificate attribute access control policy, theclient-verify enable command must be configured in the SSL server policy. Otherwise, the clientcannot log onto the device.z If the HTTPS service is associated with a certificate attribute access control policy, the latter mustcontain at least one permit rule. Otherwise, no HTTPS client can log onto the device.z For the configuration of an SSL server policy, refer to PKI Configuration.Configuring the Port Number of the HTTPS ServiceConfiguration of the port number of the HTTPS service can reduce the attacks from illegal users on theHTTPS service.Follow these steps to configure the port number of the HTTPS service: