Configuring https management access on HP A5120 Switch (798 Views)
Reply
Occasional Contributor
gerry egan
Posts: 5
Registered: ‎08-18-2010
Message 1 of 1 (798 Views)

Configuring https management access on HP A5120 Switch

I am trying to configure HTTPS management on a HP a5120 switch running Version 5.20.99, Release 2215 and not having much luck.

 

I have followed the manual by creating an SSL policy first and then enabling the HTTPS server with the SSL policy:


ssl server-policy sslpol
ip https ssl-server-policy sslpol
ip https enable


When I try and log onto the switch with Google Chrome I get the following error:


Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.


When I look this up I have found references to errors due to TLS being used in SSL. I can find no way to specify the SSL version in the server policy.


The manual has a configuration example that uses MSCEP to retrieve a certificate but in Windows 2008 R2 that feature is only available in Enterprise and Datacentre editions which I don't have.
I have SSH configured and it is using a locally generated certificate so I'm not sure if I can use that but I'd like to if possible.


Has anybody been able to setup HTTPS management on HP A series switches without MSCEP?
Any and all help appreciated!


here is a copy of my config with the interfaces removed:
version 5.20.99, Release 2215
#
sysname MYSYSNAME
#
irf domain 10
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
#
domain default enable system
#
telnet server enable
#
vlan 1
#
vlan 100
description Management
#
radius scheme system
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
#
stp enable
#
ssl server-policy sslpol
pki-domain MYDOMAIN
#
interface NULL0
#
interface Vlan-interface199
ip address 192.168.199.140 255.255.255.0
#
interface GigabitEthernet1/0/1
poe enable
stp edged-port enable
#
interface Ten-GigabitEthernet2/1/2
#
dhcp-snooping
#
ntp-service unicast-server 192.168.1.71
#
ssh server enable
#
ip https ssl-server-policy sslpol
ip https enable
#
load xml-configuration
#
user-interface aux 0 1
user-interface vty 0 15
authentication-mode scheme

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.