Allied Telesis AT-S63 User Manual
Page 492
Chapter 32: Web Server Commands
492
set http server security=disabled
The following command configures the web server for the secure HTTPS
mode. It specifies the key pair ID as 5. Since no port is specified, the
default HTTPS port 443 is used:
set http server security=enabled sslkeyid=5
General Configuration Steps for a Self-signed Certificate
Below are the steps to configuring the switch’s web server for a self-
signed certificate using the command line commands:
1. Set the switch’s date and time. You can do this manually using “SET
DATE” on page 89 or you can configure the switch to obtain the date
and time from an SNTP server using “ADD SNTPSERVER
PEER|IPADDRESS” on page 84.
2. Create an encryption key pair using “CREATE ENCO KEY” on
page 498 (syntax 1).
3. Create the self-signed certificate using “CREATE PKI CERTIFICATE”
4. Add the self-signed certificate to the certificate database using “ADD
5. Disable the switch’s web server using “DISABLE HTTP SERVER” on
6. Configure the web server using “SET HTTP SERVER” on page 491.
7. Activate the web server using “ENABLE HTTP SERVER” on
The following is an example of the command sequence to configuring the
web server for a self-signed certificate. (The example does not include
step 1, setting the system time.)
1. This command creates the encryption key pair with an ID of 4, a length
of 512 bits, and the description “Switch 12 key”:
create enco key=4 type=rsa length=512 description="Switch
12 key"
2. This command creates a self-signed certificate using the key created
in step 1. The certificate is assigned the filename “Sw12cert.cer. (The
“.cer” extension is not included in the command because it is added
automatically by the management software.) The certificate is
assigned the serial number 0 and a distinguished name of
149.11.11.11, which is the IP address of a master switch: