Enabling Secure HTTP (HTTPS) Access to a Router

Problem

You want to configure and monitor your router using an encrypted browser interface.

Solution

To enable secure HTTP (HTTPS) access to a router, use the ip http secure-server command:

Core#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Core(config)#ip http secure-server
Core(config)#end
Core#

Cisco introduced secure HTTP access feature in IOS Version 12.2(14)S.

Discussion

The Secure HTTP feature provides you with a secure and encrypted method to access the router via a web browser using Secure Sockets Layer and Transport Layer Security. This prevents HTTP sessions from being intercepted or attacked.

By default, the router creates a self-signed digital certificate that is required for secure access. The router adds the digital certificate to its configuration:

Router2#show running-config | section crypto crypto pki trustpoint TP-self-signed-2618906780 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2618906780 revocation-check none rsakeypair TP-self-signed-2618906780 crypto pki certificate chain TP-self-signed-2618906780 certificate self-signed 01 3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32363138 39303637 3830301E 170D3036 30313235 31373031 32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 ...

Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.