Configuring Secure Socket Layer HTTP
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2
ip http client secure-trustpoint name
Example:
Switch(config)# ip http client
secure-trustpoint your_trustpoint
Step 3
ip http client secure-ciphersuite
{[3des-ede-cbc-sha] [rc4-128-md5]
[rc4-128-sha] [des-cbc-sha]}
Example:
Switch(config)# ip http client
secure-ciphersuite rc4-128-md5
Step 4
end
Example:
Switch(config)# end
How to Configure Secure HTTP Servers and Clients
These sections contain this configuration information:
Monitoring Secure HTTP Server and Client Status
To monitor the SSL secure server and client status, use the privileged EXEC commands in the following table.
Table 13: Commands for Displaying the SSL Secure Server and Client Status
Command
show ip http client secure status
show ip http server secure status
OL-29434-01
Purpose
Enters the global configuration mode.
(Optional) Specifies the CA trustpoint to be used if the remote HTTP
server requests client authentication. Using this command assumes
that you have already configured a CA trustpoint by using the previous
procedure. The command is optional if client authentication is not
needed or if a primary trustpoint has been configured.
(Optional) Specifies the CipherSuites (encryption algorithms) to be
used for encryption over the HTTPS connection. If you do not have
a reason to specify a particular CipherSuite, you should allow the
server and client to negotiate a CipherSuite that they both support.
This is the default.
Returns to privileged EXEC mode.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
How to Configure Secure HTTP Servers and Clients
Purpose
Shows the HTTP secure client configuration.
Shows the HTTP secure server configuration.
103