Configuring Secure Http Servers And Clients; Configuring A Ca Trustpoint; Configuring The Secure Http Server - Cisco IE-4000 Software Configuration Manual

Configuring Switch-Based Authentication
How to Configure Switch-Based Authentication

Configuring Secure HTTP Servers and Clients

Configuring a CA Trustpoint

Command
1. configure terminal
2. hostname hostname
3. ip domain-name domain-name
4. crypto key generate rsa
5. crypto ca trustpoint name
6. enrollment url url
7. enrollment http-proxy host-name
port-number
8. crl query url
9. primary
10. exit
11. crypto ca authentication name
12. crypto ca enroll name
13. end
14. show crypto ca trustpoints

Configuring the Secure HTTP Server

Before You Begin
If you are using a certificate authority for certification, you should use the previous procedure to configure the CA
trustpoint on the switch before enabling the HTTP server. If you have not configured a CA trustpoint, a self-signed
certificate is generated the first time that you enable the secure HTTP server. After you have configured the server, you
can configure options (path, access list to apply, maximum number of connections, or timeout policy) that apply to both
standard and secure HTTP servers.
Purpose
Enters global configuration mode.
Specifies the hostname of the switch (required only if you have not
previously configured a hostname).
Specifies the IP domain name of the switch (required only if you have not
previously configured an IP domain name).
(Optional) Generates an RSA key pair. RSA key pairs are required before
you can obtain a certificate for the switch. RSA key pairs are generated
automatically. You can use this command to regenerate the keys, if
needed.
Specifies a local configuration name for the CA trustpoint and enter CA
trustpoint configuration mode.
Specifies the URL to which the switch should send certificate requests.
(Optional) Configures the switch to obtain certificates from the CA
through an HTTP proxy server.
Configures the switch to request a certificate revocation list (CRL) to
ensure that the certificate of the peer has not been revoked.
(Optional) Specifies that the trustpoint should be used as the primary
(default) trustpoint for CA requests.
Exits CA trustpoint configuration mode and returns to global configuration
mode.
Authenticates the CA by getting the public key of the CA. Uses the same
name used in Step 5.
Obtains the certificate from the specified CA trustpoint. This command
requests a signed certificate for each RSA key pair.
Returns to privileged EXEC mode.
Verifies the configuration.
181