HPE Community
Comware Based
1821413 Members
2580 Online
109633 Solutions
New Discussion

3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

 
DavidA2
Occasional Visitor

‎04-17-2014 04:58 PM - last edited on ‎04-20-2014 04:19 PM by

‎04-17-2014 04:58 PM - last edited on ‎04-20-2014 04:19 PM by

3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

I'm having a devil of a time setting up HTTPS and I don't know what all is the minimum steps. I've downloaded tons of manuals but none have a process that I can get working. I have http, and ssh access but I can't get https to stay started.

 

So far the most I can figure out is I need to do this: (From Fundamentals Configuration Guide-R2220.pdf)

 

system-view
ip https ssl-server-policy policy-name
ip https enable
ip https certificate-access-control-policy policy-name
ip https port port-number      # this command isn't available on my firmware
ip https acl acl-number
local-user user-name
password [ [hash] {cipher | simple} password ]
authorization-attribute level level
service-type web        #this service type isn't available on my firmware, I'm guessing it's lan-access
quit

 

I've done what I think I can with the commands available on my firmware but I get the results below:

 

[MF-3Com-5500G-EI]ip https enable
Info: HTTPS server has been started!
[MF-3Com-5500G-EI]display ip https
SSL server policy: sslsvr
Certificate access-control-policy: 3com5500g-acl-1
Basic ACL: 2000
Operation status: Stopped
[MF-3Com-5500G-EI]

 

 

 

The thing is I don't know anything about pki, ssl, or the access-control-policy piece. Does anyone have a way I can set this up with a local certificate and how I go about generating that cert? I need full details on what I should be doing with the pki and ssl commands.

 

So far here was the config items I was playing with but I'm sure aren't valid to make it work: (from my current config)

 

 

#
.
.
.
#
pki domain 3com-5500g
ca identifier 3com-5500g.local.dom
#
pki certificate attribute-group everything
attribute 1 subject-name ip ctn .
#
ssl server-policy sslsvr
pki-domain 3com-5500g
#
local-user Admin
service-type lan-access
service-type ssh telnet terminal
level 3
service-type ftp
password-control length 7
#
acl number 2000
rule 1 permit source 0.0.0.0 192.168.1.255
rule 2 permit source 192.168.1.0 0.0.0.255
#
.
.
.
#
ip http acl 2000
#
ip https ssl-server-policy sslsvr
#
ip https certificate access-control-policy 3com5500g-acl-1
#
ip https acl 2000
#
ip https enable
#
ssh-server source-ip 192.168.1.252
ssh server authentication-retries 5
ssh user Admin authentication-type password
ssh user Admin service-type all
#
user-interface aux 0 7
authentication-mode password
set authentication password cipher *removed*
user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme
set authentication password cipher *removed*
#
return

 I appreciate any help anyone can give, let me know if you need any additional information

 

Thanks

 

 

P.S. This thread has been moved from Legacy to Comware-Based. -HP Forum Moderator

 

0 Kudos
1 REPLY 1
manuel.bitzi
Trusted Contributor

‎04-23-2014 01:15 AM

‎04-23-2014 01:15 AM

Re: 3Com 5500G-EI (3CR17254-91) need help setting up HTTPS

Hi David

 

https with Comware 3 and early versions of Comware 5 is a pain .... don't use it if you don't need it. You need a external CA with an SCEP Plugin, which allow to automaticly asign a cert from the switch to the ca. It works.

 

Here you will find a How to:

http://hpnetworkers.blogspot.ch/2012/02/hp-series-h3c-comware-https-howto-with.html

 

Since later Comware 5 and Comware 7 the Switch can use a self-assigned cert for its https interface.

 

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.