09-06-2019 06:40 AM
HP1500 (JG962A) - SSL Certificate ignored
Dear all,
I've a new HP1500 (JG962A) Switch and want to install my own certificate from our internal Company CA. Therefore I set up the PKI like the following:
PKI Entity:
- Entity: "switch05"
- Common Name: switch05.company.local
PKI-Domain:
- Domain name: "company-ca"
- PKI entity: "switch05"
- Extension for certificate: SSL Server, SSL Client
SSL Server Policy:
- Policy name: switch05
- PKI domain: "company-ca"
- Ciphersuites: all checked
- Client verify: Disabled
I installed our root certificate and the certificate for "switch05.company.local" to the PKI Domain successfully. I activated the HTTPS Service, saved the config and rebooted the switch.
Now the problem: I always get the self-signed certificate in the browser view. Everything I do, I always get the self-signed certificate. Why? And how can I tell the switch to use my PKI domain "company-ca" for the HTTPS service?
I have other switches like HP6600 or HPE V1910-48G and no problems to install it. The HPE V1910 is very similar to the HP1500 (e.g. create PKI etc.) and it works very well.
Here is my configuration:
#
version 7.1.070, Release 3208P16
#
sysname switch05
#
clock timezone Brussels add 01:00:00
clock summer-time FDT 02:00:00 March last Sunday 03:00:00 October last Sunday 01:00:00
clock protocol ntp
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dns server 10.0.x.x
dns server 10.0.x.x
#
transceiver phony-alarm-disable
password-recovery enable
#
vlan 1
#
interface NULL0
#
interface Vlan-interface1
ip address 10.0.x.x 255.255.x.x
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
#
scheduler logfile size 16
#
line class aux
authentication-mode scheme
user-role network-admin
#
line class vty
authentication-mode scheme
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
snmp-agent
snmp-agent local-engineid 8000000000001
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info contact
snmp-agent sys-info location
snmp-agent sys-info version all
#
ssh server enable
#
sntp enable
sntp unicast-server 10.0.x.x
sntp unicast-server 10.0.x.x
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash xxxxxxxxxxx
service-type ftp
service-type telnet http https pad ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
pki domain company-ca
certificate request entity switch05
public-key rsa general name switch05 length 2048
usage ssl-client
usage ssl-server
undo crl check enable
#
pki entity switch05
common-name switch05.company.local
#
ssl server-policy switch05
pki-domain company-ca
ciphersuite rsa_aes_128_cbc_sha rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_ede_cbc_sha rsa_aes_256_cbc_sha exp_rsa_rc4_md5 exp_rsa_rc2_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha
#
ip http enable
ip https enable
web idle-timeout 60
#
return
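
An added example, not part of the original post and not HPE's own tooling: a Python check that reads a Comware 7 configuration and reports whether the HTTPS service is bound to an SSL server policy, along with any export-grade, single-DES, RC2 or RC4 suites a policy enables. It assumes that the Comware 7 command `ip https ssl-server-policy <policy-name>` is what ties HTTPS to a policy and that it is available on this model; `audit_https`, `SAMPLE_CONFIG` and `WEAK` are hypothetical names, and the sample is a constructed excerpt of the configuration above.

```python
import re

# Constructed excerpt: the TLS-related tail of the configuration posted above.
SAMPLE_CONFIG = """\
#
pki domain company-ca
certificate request entity switch05
usage ssl-server
#
ssl server-policy switch05
pki-domain company-ca
ciphersuite rsa_aes_128_cbc_sha rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_ede_cbc_sha rsa_aes_256_cbc_sha exp_rsa_rc4_md5 exp_rsa_rc2_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha
#
ip http enable
ip https enable
#
return
"""

# Suite names that indicate export-grade keys, single DES, RC4 or RC2.
WEAK = re.compile(r"^exp_|_des_cbc_|_rc4_|_rc2_")


def audit_https(config: str) -> dict:
    """Report the SSL server policy HTTPS is bound to (if any) and weak suites per policy."""
    policies, current, bound, https_on = {}, None, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":                      # '#' closes a configuration section
            current = None
        elif m := re.match(r"ssl server-policy (\S+)$", line):
            current = m.group(1)
            policies[current] = {"pki_domain": None, "weak": []}
        elif current and (m := re.match(r"pki-domain (\S+)$", line)):
            policies[current]["pki_domain"] = m.group(1)
        elif current and line.startswith("ciphersuite "):
            policies[current]["weak"] += [s for s in line.split()[1:] if WEAK.search(s)]
        elif m := re.match(r"ip https ssl-server-policy (\S+)$", line):
            bound = m.group(1)               # assumed Comware 7 binding command
        elif line == "ip https enable":
            https_on = True
    return {"https_enabled": https_on, "bound_policy": bound,
            "unbound_policies": sorted(p for p in policies if p != bound),
            "policies": policies}


if __name__ == "__main__":
    print(audit_https(SAMPLE_CONFIG))
```

On the posted configuration the check reports HTTPS enabled with no bound policy, which matches the symptom of the self-signed certificate still being served.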