Commands For Ssl Configuration

9.8 Commands for SSL Configuration

9.8.1 ip http secure-server

Command: ip http secure-server
no ip http secure-server
Function: Enable/disable SSL.
Parameter: None.
Command mode: Global Mode
Default: Disabled.
Usage guide: This command is used to enable and disable the SSL function. After enabling the SSL function, users can access the switch through https client, an SSL connection between the switch and client, and a safety SSL connect channel. All data transmitted at the application layer will be encrypted.
Example: Enable SSL.

active500EM(config)#ip http secure-server

 

9.8.2 ip http secure-port

Command: ip http secure-port <port-number>
no ip http secure-port
Function: Configure/delete the port number used by SSL.
Parameter:

  • <port-number>: configured port number. The valid range is between 1025 and 65535. 443 is the default.

Command mode: Global Mode
Default: Not configured.
Usage guide: The configured port number is used?for?monitoring if this command is used to configure the port number. If the port number for https changes, users must use the changed port number to connect. For example: https://device:port-number.? The SSL function must reboot after every change.
Example: Configure the port number to 1028.

active500EM(config)#ip http secure-port 1028

 

9.8.3 ip http secure- ciphersuite

Command: ip http secure-ciphersuite {des-cbc3-sha|rc4-128-sha| des-cbc-sha}
no ip http secure-ciphersuite
Function: Configure/delete secure cipher suite used by SSL.
Parameters:

  • des-cbc3-sha: encrypted algorithm DES-CBC3, summary algorithm SHA.
  • rc4-128-sha: encrypted algorithm RC4-128, summary algorithm SHA.
  • des-cbc-sha: encrypted algorithm DES-CBC, summary algorithm SHA.
  • Default: rc4-md5.

Command mode: Global Mode
Default: Not configured.
Usage guide: If this command is used to configure the secure cipher suite, specified encryption method will be used. The SSL should be restarted in order for the configured changes to take effect. When des-cbc-sha is configured, Internet Explorer 7.0 or above is required.
Example: Configure the secure cipher suite to rc4-128-sha.

active500EM(config)#ip http secure- ciphersuite rc4-128-sha

 

9.8.4 show ip http secure-server status

Command: show ip http secure-server status
Function: Show the status for the configured SSL.
Parameter: None.
Command mode: Admin and Configuration Mode
Default: None.
Usage guide: Show the status for the configured SSL.
Example: Show the status for the configured SSL.

active500EM#show ip http secure-server status
HTTP secure server status: Enabled
HTTP secure server port: 1028
HTTP secure server ciphersuite: rc4-128-sha

 

9.8.5 debug ssl

Command: debug ssl
no debug ssl
Function: Show the configured SSL information. The no command closes the debug.
Parameter: None.
Command mode: Admin Mode
Default: None.
Usage guide: Show the configured SSL information.
Example: Show the configured SSL information.

active500EM#debug ssl
%Jan 01 01:02:05 2006 ssl will to connect to web server 127.0.0.1:9998
%Jan 01 01:02:05 2006 connect to http security server success!

 


Return to Controller Wired CLI Table of Contents