Configuring the web server for https, General steps for a self-signed certificate – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Features Guide

Section IX: Management Security

391

Configuring the Web Server for HTTPS

The following sections outline the steps for configuring the web server on
the switch for HTTPS operation with a self-signed or CA certificate. The
steps reference only the command line commands, but the web server can
be configured from the menus interface, too.

General Steps for

a Self-signed

Certificate

These steps configure the web server with a self-signed certificate:

1. Set the switch’s date and time. The date and time are stamped in the

certificate.

2. Create a public and private key pair with the CREATE ENCO KEY

command.

3. Create a self-signed certificate using the public and private key pair

with the CREATE PKI CERTIFICATE command.

4. Add the certificate to the certificate database with the ADD PKI

CERTIFICATE command.

5. Disable the web server with the DISABLE HTTP SERVER command.

6. Activate HTTPS in the web server with the SET HTTP SERVER

command.

7. Enable the web server with the ENABLE HTTP SERVER command.

For an example of this command sequence, refer to the SET HTTP
SERVER command in the AT-S63 Management Software Command Line
Interface User’s Guide.

General Steps for

a Public or

Private CA

Certificate

These steps configure the web server with a public or private CA
certificate.

1. Set the switch’s date and time. The date and time are stamped in the

enrollment request.

2. Create a public and private key pair with the CREATE ENCO KEY

command.

3. Generate an enrollment request with the CREATE PKI

ENROLLMENTREQUEST command.

4. Upload the enrollment request from the switch’s file system with the

UPLOAD METHOD=TFTP or UPLOAD METHOD=XMODEM
command.

5. Submit the enrollment request to a public or private CA.