Configuring https management access on HP A5120 Switch (691 Views)
Reply
Occasional Contributor
gerry egan
Posts: 5
Registered: ‎08-18-2010
Message 1 of 1 (691 Views)

Configuring https management access on HP A5120 Switch

I am trying to configure HTTPS management on a HP a5120 switch running Version 5.20.99, Release 2215 and not having much luck.

 

I have followed the manual by creating an SSL policy first and then enabling the HTTPS server with the SSL policy:


ssl server-policy sslpol
ip https ssl-server-policy sslpol
ip https enable


When I try and log onto the switch with Google Chrome I get the following error:


Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.


When I look this up I have found references to errors due to TLS being used in SSL. I can find no way to specify the SSL version in the server policy.


The manual has a configuration example that uses MSCEP to retrieve a certificate but in Windows 2008 R2 that feature is only available in Enterprise and Datacentre editions which I don't have.
I have SSH configured and it is using a locally generated certificate so I'm not sure if I can use that but I'd like to if possible.


Has anybody been able to setup HTTPS management on HP A series switches without MSCEP?
Any and all help appreciated!


here is a copy of my config with the interfaces removed:
version 5.20.99, Release 2215
#
sysname MYSYSNAME
#
irf domain 10
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
#
domain default enable system
#
telnet server enable
#
vlan 1
#
vlan 100
description Management
#
radius scheme system
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher
authorization-attribute level 3
service-type ssh telnet terminal
service-type web
#
stp enable
#
ssl server-policy sslpol
pki-domain MYDOMAIN
#
interface NULL0
#
interface Vlan-interface199
ip address 192.168.199.140 255.255.255.0
#
interface GigabitEthernet1/0/1
poe enable
stp edged-port enable
#
interface Ten-GigabitEthernet2/1/2
#
dhcp-snooping
#
ntp-service unicast-server 192.168.1.71
#
ssh server enable
#
ip https ssl-server-policy sslpol
ip https enable
#
load xml-configuration
#
user-interface aux 0 1
user-interface vty 0 15
authentication-mode scheme

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation