Logging In to a Device Using HTTP

Hypertext Transfer Protocol (HTTP) is an application-layer protocol that transports hypertext from WWW servers to local browsers. HTTP uses the client/server model in which requests and replies are exchanged.

Context

To download a certificate from an HTTP server, use HTTP. HTTP transfers web page information on the Internet.

HTTP has security risks.

Pre-configuration Tasks

Before logging in to a device using HTTP, complete the following tasks:
  • Configure an SSL policy for the HTTP server.
  • Check that the terminal and device are routable to each other.

Procedure

  • Configure an SSL policy for the HTTP client.
    1. Run system-view

      The system view is displayed.

    2. Run ssl policy policy-name

      An SSL policy is configured, and the SSL policy view is displayed.

    3. Run certificate load

      A certificate is loaded for the SSL policy. A certificate or certificate chain needs to be loaded for the SSL policy on the HTTP client according to the format of the certificate loaded on the HTTP server.

      • To load a certificate in PEM format for the SSL policy, run the certificate load pem-cert certFile key-pair { dsa | rsa } key-file keyFile auth-code [ cipher authCode ] command.
      • To load a certificate in PFX format for the SSL policy, run the certificate load pfx-cert certFile key-pair { dsa | rsa } mac or certificate load pfx-cert certFile key-pair { dsa | rsa } { mac cipher mac-code | key-file keyFile } auth-code cipher authCode command.
      • To load a certificate chain in PEM format for the SSL policy, run the certificate load pem-chain certFile key-pair { dsa | rsa } key-file keyFile auth-code [ cipher authCode ] command.

    4. Run trusted-ca load

      A trusted-CA file is loaded.

      A trusted-CA file needs to be loaded for the SSL policy on the HTTP client according to the format of the trusted-CA file loaded on the HTTP server.

      • To load a trusted-CA file in PEM format for the SSL policy, run the trusted-ca load pem-ca caFile command.
      • To load a trusted-CA file in ASN1 format for the SSL policy, run the trusted-ca load asn1-ca caFile command.
      • To load a trusted-CA file in PFX format for the SSL policy, run the trusted-ca load pfx-ca caFile auth-code [ cipher authCode ] command.

    5. Run commit

      The configuration is committed.

    6. Run quit

      Return to the system view.

  • Log in to a device using HTTP.
    1. Run http

      HTTP is enabled, and the HTTP view is displayed.

    2. (Optional) Run the client source-interface { interface-name | interface-type interface-number } command to bind a source interface to the HTTP client.
    3. Run client ssl-policy policy-name

      An SSL policy is configured for the HTTP client.

    4. Run client ssl-verify peer

      The HTTP client is configured to perform SSL verification on the HTTP server.

    5. Run commit

      The configuration is committed.

Parent Topic: Accessing Other Devices Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >