Filter
Top Products
7-47
Cisco Catalyst Switch Module 3110 and 3012 for IBM BladeCenter Software Configuration Guide
OL-12189-01
Chapter 7 Configuring Switch-Based Authentication
Configuring the Switch for Secure Socket Layer HTTP
Use the no ip http server global configuration command to disable the standard HTTP server. Use the
no ip http secure-server global configuration command to disable the secure HTTP server. Use the no
ip http secure-port and the no ip http secure-ciphersuite global configuration commands to return to
the default settings. Use the no ip http secure-client-auth global configuration command to remove the
requirement for client authentication.
To verify the secure HTTP connection by using a Web browser, enter https://URL, where the URL is the
IP address or hostname of the server switch. If you configure a port other than the default port, you must
also specify the port number after the URL. For example:
https://209.165.129:1026
or
https://host.domain.com:1026
Configuring the Secure HTTP Client
The standard HTTP client and secure HTTP client are always enabled. A certificate authority is required
for secure HTTP client certification. This procedure assumes that you have previously configured a CA
trustpoint on the switch. If a CA trustpoint is not configured and the remote HTTPS server requires client
authentication, connections to the secure HTTP client fail.
Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP client:
Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the
no ip http client secure-ciphersuite to remove a previously configured CipherSuite specification for
the client.
Step 12
end Return to privileged EXEC mode.
Step 13
show ip http server secure status Display the status of the HTTP secure server to verify the configuration.
Step 14
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip http client secure-trustpoint name (Optional) Specify the CA trustpoint to be used if the remote HTTP server
requests client authentication. Using this command assumes that you have
already configured a CA trustpoint by using the previous procedure. The
command is optional if client authentication is not needed or if a primary
trustpoint has been configured.
Step 3
ip http client secure-ciphersuite
{[3des-ede-cbc-sha] [rc4-128-md5]
[rc4-128-sha] [des-cbc-sha]}
(Optional) Specify the CipherSuites (encryption algorithms) to be used
for encryption over the HTTPS connection. If you do not have a reason to
specify a particular CipherSuite, you should allow the server and client to
negotiate a CipherSuite that they both support. This is the default.
Step 4
end Return to privileged EXEC mode.
Step 5
show ip http client secure status Display the status of the HTTP secure server to verify the configuration.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.