Configuring https access on HP A5120 Switch
Posted by GerryEgan on Server Fault
Published on 2013-02-09T22:39:25Z
        
I am trying to configure HTTPS management on an HP A5120 switch running Version 5.20.99, Release 2215 and am not having much luck. I have followed the manual by creating an SSL policy first and then enabling the HTTPS server with the SSL policy:
ssl server-policy sslpol
ip https ssl-server-policy sslpol
ip https enable
When I try to log on to the switch with Google Chrome I get the following error:
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
When I looked this up I found references to errors due to TLS being used in SSL. I can find no way to specify the SSL version in the server policy.
The manual has a configuration example that uses MSCEP to retrieve a certificate, but in Windows 2008 R2 that feature is only available in the Enterprise and Datacenter editions, which I don't have.
I have SSH configured and it is using a locally generated certificate, so I'm not sure if I can use that, but I'd like to if possible.
Has anybody been able to set up HTTPS management on HP A series switches without MSCEP?
Any and all help appreciated!
Here is a copy of my config with the interfaces removed:
version 5.20.99, Release 2215
#
 sysname MYSYSNAME
#
 irf domain 10
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
 telnet server enable
#
vlan 1
#
vlan 100
 description Management
#
radius scheme system
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher 
 authorization-attribute level 3
 service-type ssh telnet terminal
 service-type web
#
 stp enable
#
ssl server-policy sslpol
 pki-domain MYDOMAIN
#
interface NULL0
#
interface Vlan-interface199
 ip address 192.168.199.140 255.255.255.0
#
interface GigabitEthernet1/0/1
 poe enable
 stp edged-port enable
#
interface Ten-GigabitEthernet2/1/2
#
 dhcp-snooping
#
 ntp-service unicast-server 192.168.1.71
#
 ssh server enable
#
 ip https ssl-server-policy sslpol
 ip https enable
#
 load xml-configuration
#
user-interface aux 0 1
user-interface vty 0 15
 authentication-mode scheme