hit counter script

Configuring The Secure Http Server - Cisco 3020 - Catalyst Blade Switch Configuration Manual

Cisco catalyst blade switch 3020 for hp software configuration guide, rel. 12.2(25)sef1
Hide thumbs Also See for 3020 - Cisco Catalyst Blade Switch:
Table of Contents

Advertisement

Configuring the Switch for Secure Socket Layer HTTP

Configuring the Secure HTTP Server

If you are using a certificate authority for certification, you should use the previous procedure to
configure the CA trustpoint on the switch before enabling the HTTP server. If you have not configured
a CA trustpoint, a self-signed certificate is generated the first time that you enable the secure HTTP
server. After you have configured the server, you can configure options (path, access list to apply,
maximum number of connections, or timeout policy) that apply to both standard and secure HTTP
servers.
Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP server:
Command
Step 1
show ip http server status
Step 2
configure terminal
Step 3
ip http secure-server
Step 4
ip http secure-port port-number
Step 5
ip http secure-ciphersuite
{[3des-ede-cbc-sha] [rc4-128-md5]
[rc4-128-sha] [des-cbc-sha]}
Step 6
ip http secure-client-auth
Step 7
ip http secure-trustpoint name
Step 8
ip http path path-name
Step 9
ip http access-class access-list-number (Optional) Specify an access list to use to allow access to the HTTP server.
Step 10
ip http max-connections value
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide
6-46
Purpose
(Optional) Display the status of the HTTP server to determine if the secure
HTTP server feature is supported in the software. You should see one of
these lines in the output:
HTTP secure server capability: Present
or
HTTP secure server capability: Not present
Enter global configuration mode.
Enable the HTTPS server if it has been disabled. The HTTPS server is
enabled by default.
(Optional) Specify the port number to be used for the HTTPS server. The
default port number is 443. Valid options are 443 or any number in the
range 1025 to 65535.
(Optional) Specify the CipherSuites (encryption algorithms) to be used
for encryption over the HTTPS connection. If you do not have a reason to
specify a particularly CipherSuite, you should allow the server and client
to negotiate a CipherSuite that they both support. This is the default.
(Optional) Configure the HTTP server to request an X.509v3 certificate
from the client for authentication during the connection process. The
default is for the client to request a certificate from the server, but the
server does not attempt to authenticate the client.
Specify the CA trustpoint to use to get an X.509v3 security certificate and
to authenticate the client certificate connection.
Note
Use of this command assumes you have already configured a CA
trustpoint according to the previous procedure.
(Optional) Set a base HTTP path for HTML files. The path specifies the
location of the HTTP server files on the local system (usually located in
system flash memory).
(Optional) Set the maximum number of concurrent connections that are
allowed to the HTTP server. The range is 1 to 16; the default value is 5.
Chapter 6
Configuring Switch-Based Authentication
OL-8915-01

Advertisement

Table of Contents
loading

Table of Contents