1-4z If you enable client authentication here, you must request a local certificate for the client.z Currently, SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0corresponds to SSL 3.1. When the device acts as an SSL server, it can communicate with clientsrunning SSL 3.0 or TLS 1.0, and can identify Hello packets from clients running SSL 2.0. If a clientrunning SSL 2.0 also supports SSL 3.0 or TLS 1.0 (information about supported versions is carriedin the packet that the client sends to the server), the server will notify the client to use SSL 3.0 orTLS 1.0 to communicate with the server.SSL Server Policy Configuration ExampleNetwork requirementsz Device works as the HTTPS server.z A host works as the client and accesses the HTTPS server through HTTP secured with SSL.z A certificate authority (CA) issues a certificate to Device.In this instance, Windows Server works as the CA and the Simple Certificate Enrollment Protocol(SCEP) plug-in is installed on the CA.Figure 1-3 Network diagram for SSL server policy configurationConfiguration procedure1) Request a certificate for Device# Create a PKI entity named en and configure it. system-view[Device] pki entity en[Device-pki-entity-en] common-name http-server1[Device-pki-entity-en] fqdn ssl.security.com[Device-pki-entity-en] quit# Create a PKI domain and configure it.