How To Configure Secure Http Servers And Clients; Configuring A Ca Trustpoint - Cisco Catalyst 2960-X Security Configuration Manual

Configuring Secure Socket Layer HTTP

How to Configure Secure HTTP Servers and Clients

Configuring a CA Trustpoint

For secure HTTP connections, we recommend that you configure an official CA trustpoint. A CA trustpoint
is more secure than a self-signed certificate.
Beginning in privileged EXEC mode, follow these steps to configure a CA Trustpoint:
SUMMARY STEPS
1. configure terminal
2. hostname hostname
3. ip domain-name domain-name
4. crypto key generate rsa
5. crypto ca trustpoint name
6. enrollment url url
7. enrollment http-proxy host-name port-number
8. crl query url
9. primary name
10. exit
11. crypto ca authentication name
12. crypto ca enroll name
13. end
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2 hostname hostname
Example:
Switch(config)# hostname your_hostname
Step 3
ip domain-name domain-name
Example:
Switch(config)# ip domain-name your_domain
OL-29048-01
Purpose
Enters the global configuration mode.
Specifies the hostname of the switch (required only if you have
not previously configured a hostname). The hostname is required
for security keys and certificates.
Specifies the IP domain name of the switch (required only if you
have not previously configured an IP domain name). The domain
name is required for security keys and certificates.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
How to Configure Secure HTTP Servers and Clients
129