HP1500 (JG962A) - SSL Certificate ignored

  • 1.  HP1500 (JG962A) - SSL Certificate ignored

    Posted Sep 06, 2019 09:40 AM

    Dear all,

    I have a new HP1500 (JG962A) switch and want to install my own certificate from our internal company CA. Therefore I set up the PKI as follows:

    PKI Entity:
    - Entity: "switch05"
    - Common Name: switch05.company.local

    PKI-Domain:
    - Domain name: "company-ca"
    - PKI entity: "switch05"
    - Extension for certificate: SSL Server, SSL Client

    SSL Server Policy:
    - Policy name: switch05
    - PKI domain: "company-ca"
    - Ciphersuites: all checked
    - Client verify: Disabled

    I installed our root certificate and the certificate for "switch05.company.local" into the PKI domain successfully. I activated the HTTPS service, saved the config and rebooted the switch.

    Now the problem: I always get the self-signed certificate in the browser. Whatever I do, I always get the self-signed certificate. Why? And how can I tell the switch to use my PKI domain "company-ca" for the HTTPS service?

    I have other switches such as the HP6600 or HPE V1910-48G and had no problems installing it there. The HPE V1910 is very similar to the HP1500 (e.g. creating the PKI, etc.) and it works very well.

    Here is my configuration:

    #
    version 7.1.070, Release 3208P16
    #
    sysname switch05
    #
    clock timezone Brussels add 01:00:00
    clock summer-time FDT 02:00:00 March last Sunday 03:00:00 October last Sunday 01:00:00
    clock protocol ntp
    #
    irf mac-address persistent timer
    irf auto-update enable
    undo irf link-delay
    irf member 1 priority 1
    #
    dns server 10.0.x.x
    dns server 10.0.x.x
    #
    transceiver phony-alarm-disable
    password-recovery enable
    #
    vlan 1
    #
    interface NULL0
    #
    interface Vlan-interface1
    ip address 10.0.x.x 255.255.x.x
    #
    interface GigabitEthernet1/0/1
    #
    interface GigabitEthernet1/0/2
    #
    interface GigabitEthernet1/0/3
    #
    interface GigabitEthernet1/0/4
    #
    interface GigabitEthernet1/0/5
    #
    interface GigabitEthernet1/0/6
    #
    interface GigabitEthernet1/0/7
    #
    interface GigabitEthernet1/0/8
    #
    interface GigabitEthernet1/0/9
    #
    interface GigabitEthernet1/0/10
    #
    interface GigabitEthernet1/0/11
    #
    interface GigabitEthernet1/0/12
    #
    interface GigabitEthernet1/0/13
    #
    interface GigabitEthernet1/0/14
    #
    interface GigabitEthernet1/0/15
    #
    interface GigabitEthernet1/0/16
    #
    interface GigabitEthernet1/0/17
    #
    interface GigabitEthernet1/0/18
    #
    interface GigabitEthernet1/0/19
    #
    interface GigabitEthernet1/0/20
    #
    interface GigabitEthernet1/0/21
    #
    interface GigabitEthernet1/0/22
    #
    interface GigabitEthernet1/0/23
    #
    interface GigabitEthernet1/0/24
    #
    interface Ten-GigabitEthernet1/0/25
    #
    interface Ten-GigabitEthernet1/0/26
    #
    interface Ten-GigabitEthernet1/0/27
    #
    interface Ten-GigabitEthernet1/0/28
    #
    scheduler logfile size 16
    #
    line class aux
    authentication-mode scheme
    user-role network-admin
    #
    line class vty
    authentication-mode scheme
    user-role network-operator
    #
    line aux 0
    user-role network-admin
    #
    line vty 0 63
    user-role network-operator
    #
    snmp-agent
    snmp-agent local-engineid 8000000000001
    snmp-agent community write private
    snmp-agent community read public
    snmp-agent sys-info contact
    snmp-agent sys-info location
    snmp-agent sys-info version all
    #
    ssh server enable
    #
    sntp enable
    sntp unicast-server 10.0.x.x
    sntp unicast-server 10.0.x.x
    #
    domain system
    #
    domain default enable system
    #
    role name level-0
    description Predefined level-0 role
    #
    role name level-1
    description Predefined level-1 role
    #
    role name level-2
    description Predefined level-2 role
    #
    role name level-3
    description Predefined level-3 role
    #
    role name level-4
    description Predefined level-4 role
    #
    role name level-5
    description Predefined level-5 role
    #
    role name level-6
    description Predefined level-6 role
    #
    role name level-7
    description Predefined level-7 role
    #
    role name level-8
    description Predefined level-8 role
    #
    role name level-9
    description Predefined level-9 role
    #
    role name level-10
    description Predefined level-10 role
    #
    role name level-11
    description Predefined level-11 role
    #
    role name level-12
    description Predefined level-12 role
    #
    role name level-13
    description Predefined level-13 role
    #
    role name level-14
    description Predefined level-14 role
    #
    user-group system
    #
    local-user admin class manage
    password hash xxxxxxxxxxx
    service-type ftp
    service-type telnet http https pad ssh terminal
    authorization-attribute user-role network-admin
    authorization-attribute user-role network-operator
    #
    pki domain company-ca
    certificate request entity switch05
    public-key rsa general name switch05 length 2048
    usage ssl-client
    usage ssl-server
    undo crl check enable
    #
    pki entity switch05
    common-name switch05.company.local
    #
    ssl server-policy switch05
    pki-domain company-ca
    ciphersuite rsa_aes_128_cbc_sha rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha rsa_3des_ede_cbc_sha rsa_aes_256_cbc_sha exp_rsa_rc4_md5 exp_rsa_rc2_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_256_cbc_sha
    #
    ip http enable
    ip https enable
    web idle-timeout 60
    #
    return
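A check worth running against a configuration like the one above, as an added example that is not code from the original post or from HPE: the script parses the pki / ssl / https stanzas of a Comware 7 running-config and reports whatever breaks the chain from PKI entity to PKI domain to SSL server policy to the HTTPS service, and it also flags the export-grade, RC4, DES and MD5 ciphersuites that "all checked" leaves enabled on a management interface. It assumes, from the Comware 7 command reference, that "ip https ssl-server-policy <name>" is the command that ties a server policy to the web server; that command does not appear in the posted configuration, so the script reports its absence as a finding. SAMPLE_CONFIG and FIXED_CONFIG are constructed sample data, not a real device dump.

```python
"""Audit the PKI -> SSL server policy -> HTTPS chain in a Comware 7 config.

Added example; not code from the original post or from HPE. Parses a
'display current-configuration' dump (blocks separated by '#') and reports
anything that would stop the HTTPS service from presenting the CA-issued
certificate. Assumption: 'ip https ssl-server-policy <name>' (Comware 7
command reference) is what binds a policy to the web server.
"""
import re

# Ciphersuite name fragments a defender would not leave enabled on a
# management interface: export-grade, RC4, single/triple DES, MD5 MACs.
WEAK_SUITE_MARKERS = ("exp_", "rc4", "_des_", "3des", "md5")

# Constructed sample: the pki/ssl/https stanzas from the post with a
# shortened ciphersuite list (sample data, not a real device dump).
SAMPLE_CONFIG = """\
#
pki domain company-ca
 certificate request entity switch05
 public-key rsa general name switch05 length 2048
 usage ssl-client
 usage ssl-server
 undo crl check enable
#
pki entity switch05
 common-name switch05.company.local
#
ssl server-policy switch05
 pki-domain company-ca
 ciphersuite rsa_aes_128_cbc_sha rsa_rc4_128_md5 exp_rsa_des_cbc_sha dhe_rsa_aes_256_cbc_sha
#
 ip http enable
 ip https enable
 web idle-timeout 60
#
return
"""

# Same sample with the policy bound to HTTPS and the weak suites removed.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    " ip https enable", " ip https enable\n ip https ssl-server-policy switch05"
).replace("rsa_rc4_128_md5 exp_rsa_des_cbc_sha ", "")


def parse_blocks(config_text):
    """Split a Comware config into blocks: lists of stripped, non-empty lines."""
    blocks, current = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                blocks.append(current)
            current = []
        elif line and line != "return":
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def weak_ciphersuites(suites):
    """Return the sorted subset of suite names that match a weak-suite marker."""
    return sorted({s for s in suites if any(m in s for m in WEAK_SUITE_MARKERS)})


def _value_after(block, prefix):
    """Last word of the first line in block that starts with prefix, or None."""
    for line in block:
        if line.startswith(prefix):
            return line.split()[-1]
    return None


def audit_https_config(config_text):
    """Return a list of findings; an empty list means the chain is consistent."""
    entities, domains, usages, policies, suites = set(), {}, {}, {}, []
    https_enabled, bound_policy = False, None
    for block in parse_blocks(config_text):
        head = block[0].split()
        if head[:2] == ["pki", "entity"]:
            entities.add(head[2])
        elif head[:2] == ["pki", "domain"]:
            domains[head[2]] = _value_after(block[1:], "certificate request entity ")
            usages[head[2]] = [l.split()[1] for l in block[1:] if l.startswith("usage ")]
        elif head[:2] == ["ssl", "server-policy"]:
            policies[head[2]] = _value_after(block[1:], "pki-domain ")
            for line in block[1:]:
                if line.startswith("ciphersuite "):
                    suites += line.split()[1:]
        else:
            for line in block:
                https_enabled |= line == "ip https enable"
                m = re.match(r"ip https ssl-server-policy (\S+)$", line)
                if m:
                    bound_policy = m.group(1)
    findings = []
    for dom, ent in domains.items():
        if ent not in entities:
            findings.append(f"pki domain {dom}: certificate request entity {ent!r} is not defined")
        if "ssl-server" not in usages[dom]:
            findings.append(f"pki domain {dom}: certificate usage does not include ssl-server")
    for pol, dom in policies.items():
        if dom not in domains:
            findings.append(f"ssl server-policy {pol}: pki-domain {dom!r} is not defined")
    if https_enabled and bound_policy is None:
        findings.append("ip https enable: no 'ip https ssl-server-policy' binding, "
                        "so the web server is not tied to any SSL server policy")
    elif bound_policy is not None and bound_policy not in policies:
        findings.append(f"ip https ssl-server-policy {bound_policy}: policy is not defined")
    for suite in weak_ciphersuites(suites):
        findings.append(f"ssl server-policy: weak ciphersuite {suite} enabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {name} ==")
        for finding in audit_https_config(cfg) or ["no findings"]:
            print(" -", finding)
```

Run it against a saved "display current-configuration" dump by reading the file into audit_https_config; the checks are pure string matching, so nothing touches the switch. The weak-suite list is deliberately a coarse substring match, which is enough to separate the AES suites from the export, RC4, DES and MD5 entries that the web UI's "all checked" option turns on.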