Configuring the secure http server – Dell POWEREDGE M1000E User Manual

8-46

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 8 Configuring Switch-Based Authentication

Configuring the Switch for Secure Socket Layer HTTP

Use the no crypto ca trustpoint name global configuration command to delete all identity information
and certificates associated with the CA.

Configuring the Secure HTTP Server

If you are using a certificate authority for certification, you should use the previous procedure to
configure the CA trustpoint on the switch before enabling the HTTP server. If you have not configured
a CA trustpoint, a self-signed certificate is generated the first time that you enable the secure HTTP
server. After you have configured the server, you can configure options (path, access list to apply,
maximum number of connections, or timeout policy) that apply to both standard and secure HTTP
servers.

Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP server:

Step 7

enrollment http-proxy host-name
port-number

(Optional) Configure the switch to obtain certificates from the CA
through an HTTP proxy server.

Step 8

crl query url

Configure the switch to request a certificate revocation list (CRL) to
ensure that the certificate of the peer has not been revoked.

Step 9

primary

(Optional) Specify that the trustpoint should be used as the primary
(default) trustpoint for CA requests.

Step 10

exit

Exit CA trustpoint configuration mode and return to global configuration
mode.

Step 11

crypto ca authentication name

Authenticate the CA by getting the public key of the CA. Use the same
name used in Step 5.

Step 12

crypto ca enroll name

Obtain the certificate from the specified CA trustpoint. This command
requests a signed certificate for each RSA key pair.

Step 13

end

Return to privileged EXEC mode.

Step 14

show crypto ca trustpoints

Verify the configuration.

Step 15

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Command

Purpose

Command

Purpose

Step 1

show ip http server status

(Optional) Display the status of the HTTP server to determine if the
secure HTTP server feature is supported in the software. You should see
one of these lines in the output:

HTTP secure server capability: Present

or

HTTP secure server capability: Not present

Step 2

configure terminal

Enter global configuration mode.

Step 3

ip http secure-server

Enable the HTTPS server if it has been disabled. The HTTPS server is
enabled by default.

Step 4

ip http secure-port port-number

(Optional) Specify the port number to be used for the HTTPS server. The
default port number is 443. Valid options are 443 or any number in the
range 1025 to 65535.