#从windowsCA中导出CA及申请服务器证书pkiimportdomainzmdercafilenamecertnew.cerpkiimportdomainzmp12localfilenamess
.
#从windows CA 中导出CA及申请服务器证书pki import domain zm der ca filename certnew.cerpki import domain zm p12 local filename ssl.pfx#radius scheme zm primary authentication 192.168.9.2 key authentication simple 123123 user-name-format without-domain#pki domain zm public-key rsa signature name zm undo crl check enable#ssl server-policy zm pki-domain zm#ssl*** gateway zm ip address 1.2.3.4 ssl server-policy zm service enable#interface SSL×××-AC1 ip address 10.200.200.1 255.255.255.224#ssl*** ip address-pool zm 10.200.200.2 10.200.200.30#security-zone name Trust import interface SSL×××-AC1#ssl*** context zm gateway zm ip-tunnel interface SSL×××-AC1 ip-tunnel address-pool zm mask 27 ip-route-list zm include 192.168.0.0 255.255.0.0 policy-group zm filter ip-tunnel 3000 ip-tunnel access-route ip-route-list zm aaa domain zm service enable#user-group ***user authorization-attribute ssl***-policy-group ***user#domain zm # authorization-attribute user-group ***user authentication ssl*** ldap-scheme zm authorization ssl*** none accounting ssl*** none#
