HP ProCurve 9304M Security Manual page 35

Routing switches

0 (Read-Write) – equivalent to Super User level access. The user can display and configure everything.
4 (Port-Config) – allows the user to configure port parameters but not global parameters.
5 (Read-Only) – allows the user to display information but not to make configuration changes.
7. Click the Add button to save the change to the device's running-config file.
8. Repeat steps 4 – 7 for each user account. You can add up to 16 accounts.
9. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device's flash memory.
Configuring SSL Security for the Web Management Interface
Starting with release 07.8.00, HP devices support Secure Sockets Layer (SSL) for configuring the device using the
Web Management interface. When enabled, the SSL protocol uses digital certificates and public-private key pairs
to establish a secure connection to the HP device. Digital certificates serve to prove the identity of a connecting
client, and public-private key pairs provide a means to encrypt data sent between the device and the client.
Configuring SSL for the Web management interface consists of the following tasks:
Enabling the SSL server on the HP device
Importing an RSA certificate and private key file from a client (optional)
Generating a certificate
Enabling the SSL Server on the HP Device
To enable the SSL server on the HP device, enter the following command:
ProCurveRS(config)# web-management https
Syntax: [no] web-management http | https
You can enable either the HTTP or the HTTPS server with this command. You can disable both the HTTP and
HTTPS servers by entering the following command:
ProCurveRS(config)# no web-management
Syntax: no web-management
Specifying a Port for SSL Communication
By default, SSL protocol exchanges occur on TCP port 443. You can optionally change the port number used for
SSL communication.
For example, the following command causes the device to use TCP port 334 for SSL communication:
ProCurveRS(config)# ip ssl port 334
Syntax: [no] ip ssl port <port-number>
The default port for SSL communication is 443.
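The following audit script is an added example, not part of the HP manual. It replays the web-management and ip ssl port commands documented above over a saved configuration and reports whether the unencrypted HTTP server is left enabled and which TCP port SSL uses. It assumes the saved configuration lists these commands as they are typed and that the HTTP and HTTPS servers are toggled independently; the sample configuration is constructed.

```python
import re

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
hostname ProCurveRS
web-management http
web-management https
ip ssl port 334
"""
DEFAULT_SSL_PORT = 443  # default stated in the manual


def audit_web_management(config_text):
    """Replay web-management / ip ssl port lines in order and report the result.

    Assumption: http and https are tracked independently. None means the
    config never mentions that server, so its state depends on the device
    default, which this page does not state.
    """
    state = {"http": None, "https": None, "ssl_port": DEFAULT_SSL_PORT}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(no\s+)?web-management(?:\s+(http|https))?", line)
        if m:
            negated, server = bool(m.group(1)), m.group(2)
            if server:
                state[server] = not negated
            elif negated:  # bare "no web-management" disables both servers
                state["http"] = state["https"] = False
            continue
        m = re.fullmatch(r"(no\s+)?ip\s+ssl\s+port(?:\s+(\d+))?", line)
        if m:
            if m.group(1):  # "no ip ssl port" reverts to the default
                state["ssl_port"] = DEFAULT_SSL_PORT
            elif m.group(2) and 1 <= int(m.group(2)) <= 65535:
                state["ssl_port"] = int(m.group(2))
    findings = []
    if state["http"]:
        findings.append("HTTP server enabled: management traffic is unencrypted")
    elif state["http"] is None:
        findings.append("HTTP server not mentioned: confirm the device default")
    if not state["https"]:
        findings.append("HTTPS server not enabled by this config")
    return state, findings


if __name__ == "__main__":
    print(audit_web_management(SAMPLE_CONFIG))
```
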
Importing Digital Certificates and RSA Private Key Files
To allow a client to communicate with the HP device using an SSL connection, you configure a set of digital
certificates and RSA public-private key pairs on the device. A digital certificate is used for identifying the
connecting client to the server. It contains information about the issuing Certificate Authority, as well as a public
key. You can either import digital certificates and private keys from a server, or you can allow the HP device to
create them.
If you want to allow the HP device to create the digital certificates, see the next section, "Generating an SSL
Certificate". If you choose to import an RSA certificate and private key file from a client, you can use TFTP to
transfer the files.
For example, to import a digital certificate using TFTP, enter a command such as the following:
June 2005
Securing Access to Management Functions
2 - 19
