Cisco Systems 3560 사용자 설명서

Beginning in privileged EXEC mode, follow these steps to configure a secure HTTP client:

Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the 
no ip http client secure-ciphersuite to remove a previously configured CipherSuite specification for 
the client.

To display the SSL secure server and client status, use the privileged EXEC commands in 

:

The Secure Copy Protocol (SCP) feature provides a secure and authenticated method for copying switch 
configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol 
that provides a secure replacement for the Berkeley r-tools. 

For SSH to work, the switch needs an RSA public/private key pair. This is the same with SCP, which 
relies on SSH for its secure transport. 

Enter global configuration mode.

 ip http client secure-trustpoint name

(Optional) Specify the CA trustpoint to be used if the remote HTTP server 
requests client authentication. Using this command assumes that you have 
already configured a CA trustpoint by using the previous procedure. The 
command is optional if client authentication is not needed or if a primary 
trustpoint has been configured. 

 ip http client secure-ciphersuite 
{[3des-ede-cbc-sha] [rc4-128-md5] 
[rc4-128-sha] [des-cbc-sha]}

(Optional) Specify the CipherSuites (encryption algorithms) to be used 
for encryption over the HTTPS connection. If you do not have a reason to 
specify a particular CipherSuite, you should allow the server and client to 
negotiate a CipherSuite that they both support. This is the default.

Return to privileged EXEC mode.

Display the status of the HTTP secure server to verify the configuration.

(Optional) Save your entries in the configuration file.

Shows the HTTP secure client configuration.

Shows the HTTP secure server configuration.

Shows the generated self-signed certificate for secure HTTP connections.