Configuring the Secure HTTP Client
Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP client:
Before You Begin
The standard HTTP client and secure HTTP client are always enabled. A certificate authority is required for
secure HTTP client certification. This procedure assumes that you have previously configured a CA trustpoint
on the switch. If a CA trustpoint is not configured and the remote HTTPS server requires client authentication,
connections to the secure HTTP client fail.
SUMMARY STEPS
1.
configure terminal
2.
ip http client secure-trustpoint name
3.
ip http client secure-ciphersuite {[3des-ede-cbc-sha] [rc4-128-md5] [rc4-128-sha] [des-cbc-sha]}
4.
end
DETAILED STEPS
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
(Optional) Specifies the CA trustpoint to be used if the remote HTTP
server requests client authentication. Using this command assumes
ip http client secure-trustpoint name
Example:
Switch(config)# ip http client
Step 2
that you have already configured a CA trustpoint by using the
previous procedure. The command is optional if client authentication
is not needed or if a primary trustpoint has been configured.
secure-trustpoint your_trustpoint
(Optional) Specifies the CipherSuites (encryption algorithms) to be
used for encryption over the HTTPS connection. If you do not have
ip http client secure-ciphersuite
{[3des-ede-cbc-sha] [rc4-128-md5]
[rc4-128-sha] [des-cbc-sha]}
Step 3
a reason to specify a particular CipherSuite, you should allow the
server and client to negotiate a CipherSuite that they both support.
This is the default.
Example:
Switch(config)# ip http client
secure-ciphersuite rc4-128-md5
Returns to privileged EXEC mode.end
Example:
Switch(config)# end
Step 4
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1134
Information About Secure Socket Layer HTTP
To Next Page
Loading...
Need help?
General
