#从windows CA 中导出CA及申请服务器证书
pki import domain zm der ca filename certnew.cer
pki import domain zm p12 local filename ssl.pfx
#
radius scheme zm
primary authentication 192.168.9.2
key authentication simple 123123
user-name-format without-domain
#
pki domain zm
public-key rsa signature name zm
undo crl check enable
#
ssl server-policy zm
pki-domain zm
#
ssl*** gateway zm
ip address 1.2.3.4
ssl server-policy zm
service enable
#
interface SSL×××-AC1
ip address 10.200.200.1 255.255.255.224
#
ssl*** ip address-pool zm 10.200.200.2 10.200.200.30
#
security-zone name Trust
import interface SSL×××-AC1
#
ssl*** context zm
gateway zm
ip-tunnel interface SSL×××-AC1
ip-tunnel address-pool zm mask 27
ip-route-list zm
include 192.168.0.0 255.255.0.0
policy-group zm
filter ip-tunnel 3000
ip-tunnel access-route ip-route-list zm
aaa domain zm
service enable
#
user-group ***user
authorization-attribute ssl***-policy-group ***user
#
domain zm
# authorization-attribute user-group ***user
authentication ssl*** ldap-scheme zm
authorization ssl*** none
accounting ssl*** none
#
免责声明:
① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。
② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341