Using HTTPS secure connection

ArubaOS-Switch devices can be configured and monitored using a web browser-based HTTP interface, which is enabled by default. This connection method is unencrypted, which makes it vulnerable to credential interception by any device in the network path between the user and the switch being configured. To secure connections to the web management UI, it is recommended to enable HTTPS and disable HTTP access to the switch. HTTPS is HTTP traffic running on a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) connection, which requires a certificate to be present on the switch. To generate a certificate, enable HTTPS, and disable HTTP, follow these steps:

Procedure
  1. Open a switch console session and enter the configuration context using the command:
    switch# configure
  2. Create a self-signed SSL/TLS certificate.
    switch(config)# crypto pki enroll-self-signed certificate-name <name of certificate> subject common-name <common name of device>
    1. View the SSL/TLS certificate information.
      switch(config)# show crypto pki local-certificate web-mgmt
      Certificate Detail:
      Version: 3 (0x2)
      Serial Number:
         56:12:69:dd:3d:91:c1:8a:4e:2c:f4:62:a3:0a:96:76:b5:f0:b4:31
      Signature Algorithm: sha256withRSAEncryption
      Issuer: CN=5400R
      Validity
         Not Before: Aug 14 13:33:32 2017 GMT
         Not After : Aug 14 23:59:59 2018 GMT
      Subject: CN=5400R
      Subject Public Key Info:
         Public Key Algorithm: rsaEncryption
         RSA Public Key: (1024 bit)
            Modulus (1024 bit):
                30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:
                03:81:8d:00:30:81:89:02:81:81:00:b0:90:f9:d8:
                88:f0:d5:eb:31:1e:aa:06:3b:30:5a:5b:d2:ed:eb:
                ff:12:ff:9d:52:55:98:cd:2a:c2:72:8e:94:69:47:
                a3:29:0f:f7:47:c3:c9:57:fa:11:d8:9a:8d:2f:e4:
                84:5e:3d:67:b2:fc:59:81:53:83:12:6a:68:6b:a5:
                4d:20:8f:b5:be:a2:23:b9:aa:e5:9a:55:ac:4a:fb:
                20:4b:71:6d:74:db:ab:89:4f:ed:27:c0:aa:31:fa:
                4b:64:76:be:f8:11:de:0e:5e:1e:17:b2:ba:a2:13:
                ce:2e:aa:31:d6:51:ad:e5:ed:23:93:42:27:d2:44:
                bd:2f:83:9d:02:03:01:00:01
            Exponent: 65537 (0x10001)
      X509v3 extensions:
         X509v3 Key Usage: critical
            Digital Signature, Key Encipherment, Key Agreement
         X509v3 Extended Key Usage:
            TLS Web Server Authentication
      
      Signature Algorithm: sha256withRSAEncryption
         5c:00:9e:b2:8a:98:49:f3:e5:11:51:a8:2b:23:07:0c:f8:e8:
         26:bf:09:98:8a:9a:45:22:57:5b:af:ab:2f:ed:34:50:4d:ac:
         d9:59:18:e1:52:68:7f:20:ae:14:e7:d9:97:1b:91:5f:ae:ba:
         cd:b5:d3:7b:14:b6:da:99:fa:4f:2b:ed:65:96:59:fc:87:45:
         1c:49:93:2b:8c:47:3e:08:ae:7f:85:c3:31:58:17:32:d5:13:
         60:a3:c1:d2:4c:69:d5:54:7e:3d:e2:67:64:ba:38:6e:cb:c5:
         9e:17:9e:0b:30:52:8f:47:5d:59:2b:0e:c3:14:07:8f:f0:71:
         97:9d
      MD5 Fingerprint: cbdc 5288 60e1 9576 4fd8 1f1d cae7 4edc
      SHA1 Fingerprint: 6ea3 7708 a6dd cd6d 065b 1b34 1734 f385 42d6 0121
      
  3. Enable HTTPS web management.

    switch(config)# web-management ssl

  4. (Recommended) Disable HTTP web management.

    switch(config)# no web-management

  5. Verify the web-management configuration.
    switch(config)# show web-management
    
     Web Management - Server Configuration
    
      HTTP Access    : Disabled
      HTTPS Access   : Enabled
      SSL Port       : 443
      Idle Timeout   : 600 seconds
      Management URL : http://h17007.www1.hpe.com/device_help
      Support URL    : http://www.arubanetworks.com/products/networking/
      User Interface : Improved
      Listen Mode    : both
    
  6. To log in to the web management UI, open a browser and enter an IP address configured on the switch.

    For example, https://X.X.X.X

    IP addresses are configured on the switch per VLAN. Use the show ip command to view the configured IP addresses.

    For more information about SSL/TLS configuration, see the ArubaOS-Switch Access Security Guide of your switch.
    NOTE: After disabling HTTPS, if you are unable to log in to the Next-Gen Web UI through HTTP, clear the cookies from your browser and try HTTP again.
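Because the certificate from step 2 is self-signed, a browser cannot validate it through a CA chain; the check that remains is comparing the certificate the switch presents on port 443 with the SHA1 Fingerprint read from the console. The following is an added example, not part of the original procedure or of any Aruba tooling; the function names are hypothetical, and it assumes Python 3 on the management workstation with the switch IP address and console fingerprint passed as arguments.

```python
import hashlib
import hmac
import re
import socket
import ssl
import sys

def normalize_fp(text):
    """Turn '6ea3 7708 ...' (switch) or '6E:A3:77:...' (openssl) into bare lowercase hex."""
    fp = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", fp):
        raise ValueError("expected a 20-byte SHA-1 fingerprint")
    return fp

def fingerprint_matches(der_cert, console_fp):
    """Compare SHA-1 of the DER certificate with the value shown on the console."""
    seen = hashlib.sha1(der_cert).hexdigest()
    return hmac.compare_digest(seen, normalize_fp(console_fp))

def fetch_der(host, port=443, timeout=5):
    """Fetch the presented certificate; chain validation is off because it is self-signed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)

def port_open(host, port, timeout=3):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

if __name__ == "__main__":
    # Usage: script.py <switch-ip> "<SHA1 Fingerprint value from the console>"
    host, console_fp = sys.argv[1], sys.argv[2]
    ok = fingerprint_matches(fetch_der(host), console_fp)
    print("certificate fingerprint:", "match" if ok else "MISMATCH, do not log in")
    print("HTTP (port 80):", "still open" if port_open(host, 80) else "closed")
    sys.exit(0 if ok else 1)
```

Pass only the fingerprint value, not the "SHA1 Fingerprint:" label. The fingerprint must be read over the console session, not over the network path being checked.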