HPE Community
HPE Aruba Networking & ProVision-based
1819870 Members
2493 Online
109607 Solutions
New Discussion юеВ

ProCurve Switch 2510G-24 configure connection https and telnet

 
SOLVED
Go to solution
Santy01
Visitor

тАО04-08-2015 06:57 AM

тАО04-08-2015 06:57 AM

ProCurve Switch 2510G-24 configure connection https and telnet

Hi,

i've a switch HP, i want to change the browsing from http to https

and open the connection instead of telnet the connection:

SSH port 22

I tried to check the configuration but i think for change this parameter is need a command line,

someone can help me

Regards

Santino

0 Kudos
5 REPLIES 5
EricAtHP
Esteemed Contributor

тАО04-08-2015 08:59 AM

тАО04-08-2015 08:59 AM

Re: ProCurve Switch 2510G-24 configure connection https and telnet

By default, telnet, ssh, and http are enabled on the switch.

 

To enable https, you first need to create a certificate. You can create a self-signed certificate or you can request one from a certificate authority. You first need to set the time or better yet use sntp.

 

To setup SNTP:
  timesync sntp
  sntp unicast
  sntp server priority 1 10.1.1.10
  time daylight-time-rule continental-us-and-canada
  time timezone -420

 

To create a self-signed certificate:
  crypto key generate cert rsa bits 2048
  crypto host-cert generate self-signed
  (answer the prompts)

 

To enable https:
  web-management ssl

 

To disable http:
  no web-management

 

To disable telnet:
  no telnet-server

 

If you want to get a signed certificate, the process is more involved and unless you have a company certificate authority, it will cost money to get it and really isn't necessary. But here is the process. If that is what you want to do, let me know and I will give you the steps. Or you can look at the manuals.

Santy01
Visitor

тАО04-09-2015 01:57 AM

тАО04-09-2015 01:57 AM

Re: ProCurve Switch 2510G-24 configure connection https and telnet

Thk for your support but i've only a problem to To create a self-signed certificate,

the command you posted:

  crypto key generate cert rsa bits 2048

 is not valid, see below

 

ProCurve Switch 2510G-24(config)# crypto help
Usage: crypto host-cert generate self-signed [START END CNAME OU ORG
                                              CITY STATE COUNTRY]
       crypto host-cert zeroize
       crypto key generate <ssh [rsa] | cert [rsa] KEYSIZE>
       crypto key zeroize <ssh | cert>

Description: Install or remove authentication files for ssh or https server.

Parameters:

    o host-cert - operation on the https host certificate file. The host
             certificate file cannot be created before the certificate
             rsa key file has been created.
    o key - operation on an ssh or https rsa key file.
    o generate - install new key or self-signed certificate.
             Note: installing a new key may be very slow in the first few
             minutes after booting the device.
    o zeroize - remove an existing key or certificate file.

    o self-signed - install new self-signed certificate.
    o START - certificate will be valid beginning on this date.
    o END - certificate will be valid until this date.
    o CNAME - the name (IP address) of this device.
    o OU - organizational unit or department.
    o ORG - organization name.
    o CITY - city or location.
    o STATE - state or region.
    o COUNTRY - two character ISO country code.  Typing 'x<TAB>' will
             provide a list of all valid country codes beginning with
             the letter x.

    o ssh - Install/remove host key for ssh server.
    o cert - Install/remove rsa key for https certificate.
    o rsa - optional keyword indicating key type (only rsa is available).
    o KEYSIZE - for a certificate key, the size of the key desired.
             Certificate keys may be 512, 768, or 1024 bits.  (Ssh host
             keys are always 896 bits.)

ProCurve Switch 2510G-24(config)#
ProCurve Switch 2510G-24(config)# crypto key generate cert rsa bits 2048
Invalid input: bits
ProCurve Switch 2510G-24(config)# crypto key generate cert rsa keysize 2048
Invalid input: keysize
ProCurve Switch 2510G-24(config)#

0 Kudos
EricAtHP
Esteemed Contributor

тАО04-09-2015 07:32 AM

тАО04-09-2015 07:32 AM

Re: ProCurve Switch 2510G-24 configure connection https and telnet

I generating these commands on a 2920 so there is a chance that they are slightly different. You may also update the software.

 

In any case, use the <tab> key as you type a command to see the options that come next.

 

Something like "crypto key generate cert rsa KEYSIZE" should work.

 

It also may be that the version of software you are running doesn't support a keysize of 2048 and only 1024. Use what ever is available.

0 Kudos
Santy01
Visitor

тАО04-15-2015 12:43 AM

тАО04-15-2015 12:43 AM

Re: ProCurve Switch 2510G-24 configure connection https and telnet

I upgraded the firmware and i was able to generate the certificate and enable the https trafic,

 

 i tried to enable also SSH but explain this error message:

 

 ssh cannot be enabled until a host key is configured (use 'crypto' command)

 

Why if i've already used crypto command for create the certificare:

 

crypto key generate cert 1024

 crypto host-cert generate self-signed

 

Thk in advance for help

Santino

0 Kudos
EricAtHP
Esteemed Contributor

тАО04-15-2015 07:25 AM

тАО04-15-2015 07:25 AM

Solution

Re: ProCurve Switch 2510G-24 configure connection https and telnet

Interesting, I haven't played with the 2510 but 2920 and higher have SSH enabled by default. 

 

You can generate a key with a command like this:

 

crypto key generate ssh rsa

 

optionally, use the 'bits' option after rsa to specify how big of a key you want.

 

When you are typing these commands use the <tab> key to do auto-complete as well as to see the available options for the next part of the command.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.