AT-S62 Command Line User’s Guide
501
Examples
The following command configures the web server for the non-secure
HTTP mode. Since no port is specified, the default HTTP port 80 is used:
set http server security=disabled
The following command configures the web server for the secure HTTPS
mode. It specifies the key pair ID as 5. Since no port is specified, the
default HTTPS port 443 is used:
set http server security=enabled sslkeyid=5
General Configuration Steps for a Self-signed Certificate
Below are the steps to configuring the switch’s web server for a self-
signed certificate using the command line commands:
1. Set the switch’s date and time. You can do this manually using SET
DATE TIME on page 76 or you can configure the switch to obtain the
date and time from an SNTP server using ADD SNTPSERVER
PEER|IPADDRESS on page 71.
2. Create an encryption key pair using CREATE ENCO KEY on page 508
(syntax 1).
3. Create the self-signed certificate using CREATE PKI CERTIFICATE on
page 518.
4. Add the self-signed certificate to the certificate database using ADD
PKI CERTIFICATE on page 516.
5. Disable the switch’s web server using DISABLE HTTP SERVER on page
497.
6. Configure the web server using SET HTTP SERVER on page 500.
7. Activate the web server using ENABLE HTTP SERVER on page 498.
The following is an example of the command sequence to configuring
the web server for a self-signed certificate. (The example does not
include step 1, setting the system time.)
1. This command creates an encryption key pair with an ID of 4, a length
of 512 bits, and the description “Switch 12 key”:
create enco key=4 type=rsa length=512
description=”Switch 12 key”
2. This command creates a self-signed certificate using the key created
in step 1.