Allied Telesis AT-S63 User Manual
Page 608
Chapter 35: Web Server Commands
608
Section VIII: Management Security
Examples
The following command configures the web server for the non-secure
HTTP mode. Since no port is specified, the default HTTP port 80 is used:
set http server security=disabled
The following command configures the web server for the secure HTTPS
mode. It specifies the key pair ID as 5. Since no port is specified, the
default HTTPS port 443 is used:
set http server security=enabled sslkeyid=5
General Configuration Steps for a Self-signed Certificate
Below are the steps to configuring the switch’s web server for a self-
signed certificate using the command line commands:
1. Set the switch’s date and time. You can do this manually using “SET
DATE” on page 95 or you can configure the switch to obtain the date
and time from an SNTP server using “ADD SNTPSERVER
PEER|IPADDRESS” on page 90.
2. Create an encryption key pair using “CREATE ENCO KEY” on
page 614 (syntax 1).
3. Create the self-signed certificate using “CREATE PKI CERTIFICATE”
4. Add the self-signed certificate to the certificate database using “ADD
5. Disable the switch’s web server using “DISABLE HTTP SERVER” on
6. Configure the web server using “SET HTTP SERVER” on page 607.
7. Activate the web server using “ENABLE HTTP SERVER” on
The following is an example of the command sequence to configuring the
web server for a self-signed certificate. (The example does not include
step 1, setting the system time.)
1. This command creates the encryption key pair with an ID of 4, a length
of 512 bits, and the description “Switch 12 key”:
create enco key=4 type=rsa length=512 description="Switch
12 key"