Enabling Secure HTTP (HTTPS) Access to a Router

The Secure HTTP feature provides a secure, encrypted method to access the router via a web browser using Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Encrypting the session protects it from being intercepted or attacked.

By default, the router creates a self-signed digital certificate that is required for secure access. The router adds the digital certificate to its configuration:

Router2#show running-config | section crypto
crypto pki trustpoint TP-self-signed-2618906780
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2618906780
 revocation-check none
 rsakeypair TP-self-signed-2618906780
crypto pki certificate chain TP-self-signed-2618906780
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32363138 39303637 3830301E 170D3036 30313235 31373031
  32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36313839
  30363738 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E12C BF2F0F2D 3FA6AAEC 6538D47B FF4A4129 2BE28AFE F1880962 659D06DC
  82992F38 4DDBC544 A071D74F AF503DC7 14C0EF28 7D03D6BA 4AD3D122 184034FF
  FBDE5616 0246528A 83B8E0BA 70C2FC46 605DA522 BC85B1F3 AD47E133 6C2CE562
  669048DB 7378B44A 5999D087 CDA95F74 9E073880 975FEA58 8B0B75EA AA62F996
  CDEB0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  551D1104 17301582 13526F75 74657232 2E696A62 726F776E 2E636F6D 301F0603
  551D2304 18301680 1475B543 CAC80FB1 63018DD7 4A81D46A 03DF023B 35301D06
  03551D0E 04160414 75B543CA C80FB163 018DD74A 81D46A03 DF023B35 300D0609
  2A864886 F70D0101 04050003 81810070 5D025E22 B4120D0A BD1D2E33 904B198F
  D9E57BB0 55C90C11 8882A727 9DC42D5F 86619446 1AF7BA53 5DDEDCB5 3B32B70D
  0AFCBCE0 77EC5A50 B0428E89 656C641B F2A6A0E9 CEA331EE 9404F527 40BD66FB
  D30791B9 92BAB053 465FB50C 8C7D8B74 9926ED58 5881A515 7199D397 B69D385F
  329EC47B 9850E063 B4AC318D 76DC9D
  quit
Router2#

If this command doesn't show any self-signed certificates, you can generate them using the command crypto key generate rsa.

Enable the secure server with the ip http secure-server command. It is also a good idea to explicitly disable the plain HTTP server with the no ip http server command, so that only encrypted HTTP sessions are permitted once secure HTTP is enabled:

Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip http secure-server
Router2(config)#no ip http server
Router2(config)#end
Router2#

By default, the secure HTTP server uses port 443. To change the secure server port, use the following command:

Router2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#ip http secure-port 8080
Router2(config)#end
Router2#

In this example, we changed the secure HTTP port from 443, the default, to port 8080. You can set the secure port to
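A configuration audit for the settings covered above, as an added example that is not part of the original article: the script reads the text of a running-config and reports whether the plain HTTP server is explicitly disabled, whether the secure server is enabled, which port it uses, and which trustpoints are self-signed. The function name audit_web_access and the sample configuration are assumptions constructed for illustration.

```python
# Constructed sample running-config excerpt (assumption, not from a real device).
SAMPLE_CONFIG = """\
crypto pki trustpoint TP-self-signed-2618906780
 enrollment selfsigned
 rsakeypair TP-self-signed-2618906780
!
ip http server
ip http secure-server
ip http secure-port  8080
"""

def audit_web_access(config_text):
    """Summarise HTTP/HTTPS management settings found in a running-config."""
    state = {"http": "unspecified", "https": False, "https_port": 443,
             "self_signed": [], "findings": []}
    trustpoint = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line and not line.startswith(" "):
            trustpoint = None                  # a top-level line ends the sub-mode
        words = line.split()                   # tolerates repeated spaces
        if words[:3] == ["crypto", "pki", "trustpoint"] and len(words) == 4:
            trustpoint = words[3]
        elif trustpoint and words == ["enrollment", "selfsigned"]:
            state["self_signed"].append(trustpoint)
        elif words == ["ip", "http", "server"]:
            state["http"] = "enabled"
        elif words == ["no", "ip", "http", "server"]:
            state["http"] = "disabled"
        elif words == ["ip", "http", "secure-server"]:
            state["https"] = True
        elif words[:3] == ["ip", "http", "secure-port"] and len(words) == 4 and words[3].isdigit():
            state["https_port"] = int(words[3])
    # The article recommends disabling plain HTTP explicitly, so flag anything else.
    if state["http"] == "enabled":
        state["findings"].append("plain HTTP server is enabled")
    elif state["http"] == "unspecified":
        state["findings"].append("no explicit 'no ip http server' line")
    if not state["https"]:
        state["findings"].append("'ip http secure-server' is missing")
    return state

if __name__ == "__main__":
    for finding in audit_web_access(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```

Feed it the saved output of show running-config from each device; an empty findings list means the configuration matches the two commands applied above.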

© 2011 CathaySchool, an ANDA Technology Group company, All Rights Reserved