topic Re: ProCurve Switch 2510G-24 configure connection https and telnet in HPE Aruba Networking & ProVision-based

ProCurve Switch 2510G-24 configure connection https and telnet

Santy01 — Wed, 08 Apr 2015 13:57:09 GMT

Hi,

i've a switch HP, i want to change the browsing from http to https

and open the connection instead of telnet the connection:

SSH port 22

I tried to check the configuration but i think for change this parameter is need a command line,

someone can help me

Regards

Santino

Re: ProCurve Switch 2510G-24 configure connection https and telnet

EricAtHP — Wed, 08 Apr 2015 15:59:59 GMT

By default, telnet, ssh, and http are enabled on the switch.

To enable https, you first need to create a certificate. You can create a self-signed certificate or you can request one from a certificate authority. You first need to set the time or better yet use sntp.

To setup SNTP:
timesync sntp
sntp unicast
sntp server priority 1 10.1.1.10
time daylight-time-rule continental-us-and-canada
time timezone -420

To create a self-signed certificate:
crypto key generate cert rsa bits 2048
crypto host-cert generate self-signed
(answer the prompts)

To enable https:
web-management ssl

To disable http:
no web-management

To disable telnet:
no telnet-server

If you want to get a signed certificate, the process is more involved and unless you have a company certificate authority, it will cost money to get it and really isn't necessary. But here is the process. If that is what you want to do, let me know and I will give you the steps. Or you can look at the manuals.

Re: ProCurve Switch 2510G-24 configure connection https and telnet

Santy01 — Thu, 09 Apr 2015 08:57:41 GMT

Thk for your support but i've only a problem to To create a self-signed certificate,

the command you posted:

crypto key generate cert rsa bits 2048

is not valid, see below

ProCurve Switch 2510G-24(config)# crypto help
Usage: crypto host-cert generate self-signed [START END CNAME OU ORG
                                              CITY STATE COUNTRY]
       crypto host-cert zeroize
       crypto key generate <ssh [rsa] | cert [rsa] KEYSIZE>
       crypto key zeroize <ssh | cert>

Description: Install or remove authentication files for ssh or https server.

Parameters:

    o host-cert - operation on the https host certificate file. The host
             certificate file cannot be created before the certificate
             rsa key file has been created.
    o key - operation on an ssh or https rsa key file.
    o generate - install new key or self-signed certificate.
             Note: installing a new key may be very slow in the first few
             minutes after booting the device.
    o zeroize - remove an existing key or certificate file.

    o self-signed - install new self-signed certificate.
    o START - certificate will be valid beginning on this date.
    o END - certificate will be valid until this date.
    o CNAME - the name (IP address) of this device.
    o OU - organizational unit or department.
    o ORG - organization name.
    o CITY - city or location.
    o STATE - state or region.
    o COUNTRY - two character ISO country code. Typing 'x<TAB>' will
             provide a list of all valid country codes beginning with
             the letter x.

    o ssh - Install/remove host key for ssh server.
    o cert - Install/remove rsa key for https certificate.
    o rsa - optional keyword indicating key type (only rsa is available).
    o KEYSIZE - for a certificate key, the size of the key desired.
             Certificate keys may be 512, 768, or 1024 bits. (Ssh host
             keys are always 896 bits.)

ProCurve Switch 2510G-24(config)#
ProCurve Switch 2510G-24(config)# crypto key generate cert rsa bits 2048
Invalid input: bits
ProCurve Switch 2510G-24(config)# crypto key generate cert rsa keysize 2048
Invalid input: keysize
ProCurve Switch 2510G-24(config)#

Re: ProCurve Switch 2510G-24 configure connection https and telnet

EricAtHP — Thu, 09 Apr 2015 14:32:34 GMT

I generating these commands on a 2920 so there is a chance that they are slightly different. You may also update the software.

In any case, use the <tab> key as you type a command to see the options that come next.

Something like "crypto key generate cert rsa KEYSIZE" should work.

It also may be that the version of software you are running doesn't support a keysize of 2048 and only 1024. Use what ever is available.

Re: ProCurve Switch 2510G-24 configure connection https and telnet

Santy01 — Wed, 15 Apr 2015 07:43:48 GMT

I upgraded the firmware and i was able to generate the certificate and enable the https trafic,

i tried to enable also SSH but explain this error message:

ssh cannot be enabled until a host key is configured (use 'crypto' command)

Why if i've already used crypto command for create the certificare:

crypto key generate cert 1024

crypto host-cert generate self-signed

Thk in advance for help

Santino

Re: ProCurve Switch 2510G-24 configure connection https and telnet

EricAtHP — Wed, 15 Apr 2015 14:25:16 GMT

Interesting, I haven't played with the 2510 but 2920 and higher have SSH enabled by default.

You can generate a key with a command like this:

crypto key generate ssh rsa

optionally, use the 'bits' option after rsa to specify how big of a key you want.

When you are typing these commands use the <tab> key to do auto-complete as well as to see the available options for the next part of the command.