Enabling Secure HTTP (HTTPS) Access to a Cisco Router:
You want to configure and monitor your router using an encrypted browser interface.
To enable secure HTTP (HTTPS) access to a router, use the ip http secure-server command:
Cisco introduced the secure HTTP access feature in IOS Version 12.2(14)S.
The Secure HTTP feature provides you with a secure and encrypted method to access the router via a web browser using Secure Sockets Layer and Transport Layer Security. This prevents HTTP sessions from being intercepted or attacked.
By default, the router creates a self-signed digital certificate that is required for secure access. The router adds the digital certificate to its configuration:
If this command doesn’t show any self-signed certificates, you can generate them using the command crypto key generate rsa.
It is a good idea to explicitly disable the HTTP server to ensure that only encrypted HTTP sessions are permitted once secure HTTP is enabled. To do so, use the no ip http server command to disable the HTTP server:
By default, the secure HTTP server uses port 443. To change the secure server port, use the following command:
In this example, we changed the secure HTTP port from 443, the default, to port 8080. You can set the secure port to almost any unused port number; however, the HTTP and secure HTTP servers cannot be configured to use the same port.
To view the secure HTTP configuration status, use the show ip http server secure status command:
As you can see from the output of the show command, the secure server is enabled and is configured to use port 8080. Also, notice that client authentication is currently disabled. Secure HTTP client authentication is enabled by using the same method as the HTTP server.
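The settings discussed above can also be checked offline against a saved configuration. The following is an added example, not part of the original page: the function name `audit_https_config` and both sample configurations are constructed for illustration, and the HTTP default of port 80 is an assumption of the script.

```python
import re

def audit_https_config(running_config):
    """Check saved IOS config text for the HTTPS settings discussed above."""
    http_enabled = None              # None: no explicit line was seen
    https_enabled = False
    http_port, https_port = 80, 443  # 443 per the text; 80 assumed for HTTP

    for raw in running_config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            http_enabled = True
        elif line == "no ip http server":
            http_enabled = False
        elif line == "ip http secure-server":
            https_enabled = True
        elif line == "no ip http secure-server":
            https_enabled = False
        else:
            m = re.fullmatch(r"ip http (port|secure-port) (\d+)", line)
            if m and m.group(1) == "port":
                http_port = int(m.group(2))
            elif m:
                https_port = int(m.group(2))

    findings = []
    if not https_enabled:
        findings.append("secure HTTP server not enabled")
    if http_enabled is True:
        findings.append("plaintext HTTP server still enabled")
    elif http_enabled is None:
        findings.append("plaintext HTTP server not explicitly disabled")
    if http_port == https_port:
        findings.append("HTTP and secure HTTP share port %d" % https_port)
    return findings

# Constructed sample configurations (not taken from a real device).
HARDENED = """
no ip http server
ip http secure-server
ip http secure-port 8080
"""
WEAK = """
ip http server
ip http port 8080
ip http secure-server
ip http secure-port 8080
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_https_config(cfg) or "no findings")
```

The port check is meant for configuration templates reviewed before deployment, since the router itself will not accept the same port for both servers.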