
HP1500 (JG962A) - SSL Certificate ignored

 
RaBu78

Dear all,

I've a new HP1500 (JG962A) switch and want to install my own certificate from our internal company CA. Therefore I set up the PKI as follows:

PKI Entity:
- Entity: "switch05"
- Common Name: switch05.company.local

PKI-Domain:
- Domain name: "company-ca"
- PKI entity: "switch05"
- Extension for certificate: SSL Server, SSL Client

SSL Server Policy:
- Policy name: switch05
- PKI domain: "company-ca"
- Ciphersuites: all checked
- Client verify: Disabled

I installed our root certificate and the certificate for "switch05.company.local" to the PKI domain successfully. I activated the HTTPS service, saved the config and rebooted the switch.

Now the problem: I always get the self-signed certificate in the browser view. Whatever I do, I always get the self-signed certificate. Why? And how can I tell the switch to use my PKI domain "company-ca" for the HTTPS service?

I have other switches like HP6600 or HPE V1910-48G and had no problems installing it there. The HPE V1910 is very similar to the HP1500 (e.g. create PKI etc.) and it works very well.

Here is my configuration:

#
version 7.1.070, Release 3208P16
#
sysname switch05
#
clock timezone Brussels add 01:00:00
clock summer-time FDT 02:00:00 March last Sunday 03:00:00 October last Sunday 01:00:00
clock protocol ntp
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dns server 10.0.x.x
dns server 10.0.x.x
#
transceiver phony-alarm-disable
password-recovery enable
#
vlan 1
#
interface NULL0
#
interface Vlan-interface1
ip address 10.0.x.x 255.255.x.x
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
#
scheduler logfile size 16
#
line class aux
authentication-mode scheme
user-role network-admin
#
line class vty
authentication-mode scheme
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
snmp-agent
snmp-agent local-engineid 8000000000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info contact
snmp-agent sys-info location
snmp-agent sys-info version all
#
ssh server enable
#
sntp enable
sntp unicast-server 10.0.x.x
sntp unicast-server 10.0.x.x
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash xxxxxxxxxxx
service-type ftp
service-type telnet http https pad ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
pki domain company-ca
certificate request entity switch05
public-key rsa general name switch05 length 2048
usage ssl-client
usage ssl-server
undo crl check enable
#
pki entity switch05
common-name switch05.company.local
#
ssl server-policy switch05
pki-domain company-ca
ciphersuite rsa_aes_128_cbc_sha rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_ede_cbc_sha rsa_aes_256_cbc_sha exp_rsa_rc4_md5 exp_rsa_rc2_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha
#
ip http enable
ip https enable
web idle-timeout 60
#
return
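
An added example, not part of the original post and not HPE code: a small offline audit of a Comware-style configuration like the one above. It reports when HTTPS is enabled without an SSL server policy bound to it and when a policy permits export-grade, RC4/RC2, single-DES or MD5 suites. The function name `audit_https` is hypothetical, the sample text is a constructed excerpt of the posted configuration, and the use of the Comware 7 command `ip https ssl-server-policy` as the binding line is an assumption for this switch model.

```python
import re

# Constructed excerpt of the configuration posted above (indentation added).
SAMPLE_CONFIG = """\
ssl server-policy switch05
 pki-domain company-ca
 ciphersuite rsa_aes_128_cbc_sha rsa_rc4_128_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_256_cbc_sha
#
ip http enable
ip https enable
"""

# Export-grade, RC4/RC2, single-DES and MD5-based suites.
WEAK = re.compile(r"^exp_|rc4|rc2|_des_cbc|md5")
# Assumption: this Comware 7 command binds a policy to the HTTPS service.
BIND = re.compile(r"ip https ssl-server-policy (\S+)$")

def audit_https(config):
    """Return findings about the HTTPS/TLS setup in a Comware-style config."""
    policies, current, bound, https_on = {}, None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ssl server-policy (\S+)$", line):
            current = policies.setdefault(m.group(1), {"pki": None, "ciphers": []})
        elif line == "#":  # "#" closes a configuration section
            current = None
        elif current is not None and line.startswith("pki-domain "):
            current["pki"] = line.split()[1]
        elif current is not None and line.startswith("ciphersuite "):
            current["ciphers"] += line.split()[1:]
        elif m := BIND.match(line):
            bound = m.group(1)
        elif line == "ip https enable":
            https_on = True
    findings = []
    if https_on and bound is None:
        findings.append("HTTPS enabled but no ssl server-policy bound to it")
    elif bound is not None and bound not in policies:
        findings.append(f"HTTPS bound to undefined policy {bound}")
    for name, p in policies.items():
        if p["pki"] is None:
            findings.append(f"policy {name} has no pki-domain")
        weak = [c for c in p["ciphers"] if WEAK.search(c)]
        if weak:
            findings.append(f"policy {name} allows weak ciphersuites: {', '.join(weak)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_https(SAMPLE_CONFIG)))
```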