Configuring the secure http client, Displaying secure http server and client status, Configuring the switch for secure copy protocol – Dell POWEREDGE M1000E User Manual

8-48

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 8 Configuring Switch-Based Authentication

Configuring the Switch for Secure Copy Protocol

Configuring the Secure HTTP Client

The standard HTTP client and secure HTTP client are always enabled. A certificate authority is required
for secure HTTP client certification. This procedure assumes that you have previously configured a CA
trustpoint on the switch. If a CA trustpoint is not configured and the remote HTTPS server requires client
authentication, connections to the secure HTTP client fail.

Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP client:

Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the
no ip http client secure-ciphersuite to remove a previously configured CipherSuite specification for
the client.

Displaying Secure HTTP Server and Client Status

To display the SSL secure server and client status, use the privileged EXEC commands in

Table 8-4

:

Configuring the Switch for Secure Copy Protocol

The Secure Copy Protocol (SCP) feature provides a secure and authenticated method for copying switch
configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol
that provides a secure replacement for the Berkeley r-tools.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

ip http client secure-trustpoint name

(Optional) Specify the CA trustpoint to be used if the remote HTTP server
requests client authentication. Using this command assumes that you have
already configured a CA trustpoint by using the previous procedure. The
command is optional if client authentication is not needed or if a primary
trustpoint has been configured.

Step 3

ip http client secure-ciphersuite
{[3des-ede-cbc-sha] [rc4-128-md5]
[rc4-128-sha] [des-cbc-sha]}

(Optional) Specify the CipherSuites (encryption algorithms) to be used
for encryption over the HTTPS connection. If you do not have a reason to
specify a particular CipherSuite, you should allow the server and client to
negotiate a CipherSuite that they both support. This is the default.

Step 4

end

Return to privileged EXEC mode.

Step 5

show ip http client secure status

Display the status of the HTTP secure server to verify the configuration.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Table 8-4

Commands for Displaying the SSL Secure Server and Client Status

Command

Purpose

show ip http client
secure status

Shows the HTTP secure client configuration.

show ip http server
secure status

Shows the HTTP secure server configuration.

show running-config

Shows the generated self-signed certificate for secure HTTP connections.