7-46
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter7 Configuring Switch-Based Authentication
Configuring the Switch for Secure Socket Layer HTTP
Use the no crypto ca trustpoint name global configuration command to delete all identity information
and certificates associated with the CA.
Configuring the Secure HTTP Server
If you are using a certificate authority for certification, you sho uld use the previous proc ed ure t o
configure the CA trustpoint on the switch before enabling the HTTP server. If you have not configured
a CA trustpoint, a self-signed certificate is generated the first time that you enable the secure HT TP
server. After you have configured the server, you can configure options (path, access list to apply,
maximum number of connections, or timeout policy) that apply to both standard and secure HTTP
servers.
Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP server:
Step5 crypto ca trustpoint name Specify a local configuration name for the CA trustpoint and enter CA
trustpoint configuration mode.
Step6 enrollment url url Specify the URL to which the switch should send certificate requests.
Step7 enrollment http-proxy host-name
port-number (Optional) Configure the switch to obtain certificates from the CA
through an HTTP proxy server.
Step8 crl query url Configure the switch to request a certificate revocation list (CRL) to
ensure that the certificate of the peer has not been revoked.
Step9 primary (Optional) Specify that the trustpoint should be used as the primary
(default) trustpoint for CA requests.
Step10 exit Exit CA trustpoint configuration mode and return to global configuration
mode.
Step11 crypto ca authentication name Authenticate the CA by getting the public key of the CA. Use the same
name used in Step 5.
Step12 crypto ca enroll name Obtain the certificate from the specified CA trustpoint. This command
requests a signed certificate for each RSA key pair.
Step13 end Return to privileged EXEC mode.
Step14 show crypto ca trustpoints Verify the configuration.
Step15 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step1 show ip http server status (Optional) Display the status of the HTTP server to determine if the secure
HTTP server feature is supported in the software. You should see one of
these lines in the output:
HTTP secure server capability: Present
or
HTTP secure server capability: Not present
Step2 configure terminal Enter global configuration mode.
Step3 ip http secure-server Enable the HTTPS server if it has been disabled. The HTTPS server is
enabled by default.