Comware Based
Showing results for 
Search instead for 
Did you mean: 

3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

Occasional Visitor

3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

I'm having a devil of a time setting up HTTPS and I don't know what all is the minimum steps. I've downloaded tons of manuals but none have a process that I can get working. I have http, and ssh access but I can't get https to stay started.


So far the most I can figure out is I need to do this: (From Fundamentals Configuration Guide-R2220.pdf)


ip https ssl-server-policy policy-name
ip https enable
ip https certificate-access-control-policy policy-name
ip https port port-number      # this command isn't available on my firmware
ip https acl acl-number
local-user user-name
password [ [hash] {cipher | simple} password ]
authorization-attribute level level
service-type web        #this service type isn't available on my firmware, I'm guessing it's lan-access


I've done what I think I can with the commands available on my firmware but I get the results below:


[MF-3Com-5500G-EI]ip https enable
Info: HTTPS server has been started!
[MF-3Com-5500G-EI]display ip https
SSL server policy: sslsvr
Certificate access-control-policy: 3com5500g-acl-1
Basic ACL: 2000
Operation status: Stopped




The thing is I don't know anything about pki, ssl, or the access-control-policy piece. Does anyone have a way I can set this up with a local certificate and how I go about generating that cert? I need full details on what I should be doing with the pki and ssl commands.


So far here was the config items I was playing with but I'm sure aren't valid to make it work: (from my current config)



pki domain 3com-5500g
ca identifier 3com-5500g.local.dom
pki certificate attribute-group everything
attribute 1 subject-name ip ctn .
ssl server-policy sslsvr
pki-domain 3com-5500g
local-user Admin
service-type lan-access
service-type ssh telnet terminal
level 3
service-type ftp
password-control length 7
acl number 2000
rule 1 permit source
rule 2 permit source
ip http acl 2000
ip https ssl-server-policy sslsvr
ip https certificate access-control-policy 3com5500g-acl-1
ip https acl 2000
ip https enable
ssh-server source-ip
ssh server authentication-retries 5
ssh user Admin authentication-type password
ssh user Admin service-type all
user-interface aux 0 7
authentication-mode password
set authentication password cipher *removed*
user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme
set authentication password cipher *removed*

 I appreciate any help anyone can give, let me know if you need any additional information





P.S. This thread has been moved from Legacy to Comware-Based. -HP Forum Moderator


Trusted Contributor

Re: 3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

Hi David


https with Comware 3 and early versions of Comware 5 is a pain .... don't use it if you don't need it. You need a external CA with an SCEP Plugin, which allow to automaticly asign a cert from the switch to the ca. It works.


Here you will find a How to:


Since later Comware 5 and Comware 7 the Switch can use a self-assigned cert for its https interface.




H3CSE, MASE Network Infrastructure [2011], Switzerland