
3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

DavidA2
Occasional Visitor

I'm having a devil of a time setting up HTTPS and I don't know what the minimum steps are. I've downloaded tons of manuals but none have a process that I can get working. I have HTTP and SSH access but I can't get HTTPS to stay started.

 

So far the most I can figure out is I need to do this: (From Fundamentals Configuration Guide-R2220.pdf)

 

system-view
ip https ssl-server-policy policy-name
ip https enable
ip https certificate-access-control-policy policy-name
ip https port port-number      # this command isn't available on my firmware
ip https acl acl-number
local-user user-name
password [ [hash] {cipher | simple} password ]
authorization-attribute level level
service-type web        #this service type isn't available on my firmware, I'm guessing it's lan-access
quit

 

I've done what I think I can with the commands available on my firmware but I get the results below:

 

[MF-3Com-5500G-EI]ip https enable
Info: HTTPS server has been started!
[MF-3Com-5500G-EI]display ip https
SSL server policy: sslsvr
Certificate access-control-policy: 3com5500g-acl-1
Basic ACL: 2000
Operation status: Stopped
[MF-3Com-5500G-EI]

 

 

 

The thing is I don't know anything about pki, ssl, or the access-control-policy piece. Does anyone have a way I can set this up with a local certificate and how I go about generating that cert? I need full details on what I should be doing with the pki and ssl commands.

 

So far here are the config items I was playing with, but I'm sure they aren't valid to make it work: (from my current config)

 

 

#
.
.
.
#
pki domain 3com-5500g
ca identifier 3com-5500g.local.dom
#
pki certificate attribute-group everything
attribute 1 subject-name ip ctn .
#
ssl server-policy sslsvr
pki-domain 3com-5500g
#
local-user Admin
service-type lan-access
service-type ssh telnet terminal
level 3
service-type ftp
password-control length 7
#
acl number 2000
rule 1 permit source 0.0.0.0 192.168.1.255
rule 2 permit source 192.168.1.0 0.0.0.255
#
.
.
.
#
ip http acl 2000
#
ip https ssl-server-policy sslsvr
#
ip https certificate access-control-policy 3com5500g-acl-1
#
ip https acl 2000
#
ip https enable
#
ssh-server source-ip 192.168.1.252
ssh server authentication-retries 5
ssh user Admin authentication-type password
ssh user Admin service-type all
#
user-interface aux 0 7
authentication-mode password
set authentication password cipher *removed*
user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme
set authentication password cipher *removed*
#
return

I appreciate any help anyone can give. Let me know if you need any additional information.

 

Thanks

 

 

P.S. This thread has been moved from Legacy to Comware-Based. -HP Forum Moderator
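
Added example, not part of the original post: the posted configuration binds ACL 2000 to `ip http acl`, `ip https acl` and the vty lines, and Comware basic ACL rules take a source address followed by a wildcard mask whose 1 bits are ignored. This Python sketch evaluates both posted rules under that semantics; the function names and the probe addresses are constructed for illustration.

```python
import ipaddress

# ACL 2000 rules copied from the posted configuration: (rule id, source, wildcard).
ACL_2000 = [
    (1, "0.0.0.0", "192.168.1.255"),
    (2, "192.168.1.0", "0.0.0.255"),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def rule_matches(source, wildcard, candidate):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored,
    bits set to 0 must equal the rule's source address."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(candidate) & care) == (_to_int(source) & care)

def match_count(wildcard):
    """Number of addresses a rule matches: 2 ** (number of ignored bits)."""
    return 1 << bin(_to_int(wildcard)).count("1")

def is_contiguous(wildcard):
    """True when the ignored bits form one run at the low end, i.e. the
    wildcard is the inverse of a normal netmask and the rule is a plain subnet."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0

def first_matching_rule(acl, candidate):
    """Return the id of the first rule that matches candidate, or None."""
    for rule_id, source, wildcard in acl:
        if rule_matches(source, wildcard, candidate):
            return rule_id
    return None

if __name__ == "__main__":
    for rule_id, source, wildcard in ACL_2000:
        print(f"rule {rule_id}: {source} {wildcard} -> "
              f"{match_count(wildcard)} addresses, "
              f"plain subnet: {is_contiguous(wildcard)}")
    # Constructed probe addresses, not taken from the thread.
    for addr in ("192.168.1.50", "64.8.0.10", "192.168.2.50", "10.0.0.1"):
        print(addr, "-> rule", first_matching_rule(ACL_2000, addr))
```

Rule 2 is the plain 192.168.1.0/24 subnet (256 addresses), while rule 1 uses a non-contiguous wildcard that matches 16384 addresses, including ones outside that subnet such as 64.8.0.10.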

 

1 REPLY
manuel.bitzi
Trusted Contributor

Re: 3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

Hi David

 

HTTPS with Comware 3 and early versions of Comware 5 is a pain... don't use it if you don't need it. You need an external CA with an SCEP plugin, which allows you to automatically assign a cert from the switch to the CA. It works.

 

Here you will find a How to:

http://hpnetworkers.blogspot.ch/2012/02/hp-series-h3c-comware-https-howto-with.html

 

Since later Comware 5 and Comware 7, the switch can use a self-assigned cert for its HTTPS interface.

 

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland