Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-RESTful commands | 73.45 KB |
RESTful commands
restful http enable
Use restful http enable to enable RESTful over HTTP.
Use undo restful http enable to disable RESTful over HTTP.
Syntax
restful http enable
undo restful http enable
Default
RESTful over HTTP is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
For users to manage the device through the HTTP-based RESTful API, you must enable RESTful over HTTP.
Examples
# Enable RESTful over HTTP.
<Sysname> system-view
[Sysname] restful http enable
restful http port
Use restful http port to specify the service port number for RESTful access over HTTP.
Use undo restful http port to restore the default.
Syntax
restful http port port-number
undo restful http port
Default
The service port number for RESTful access over HTTP is 80.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
When RESTful access over HTTP is enabled, changing the service port number re-enables the service and closes all RESTful access over HTTP connections. To log in again, users must use the new port number.
Examples
# Set the service port number to 1000 for RESTful access over HTTP.
<Sysname> system-view
[Sysname] restful http port 1000
restful https authentication-mode
Use restful https authentication-mode to specify an authentication mode for RESTful access over HTTPS.
Use undo restful https authentication-mode to restore the default.
Syntax
restful https authentication-mode certificate
undo restful https authentication-mode
Default
The authentication mode for RESTful access over HTTPS is username+password.
Views
System view
Predefined user roles
network-admin
Parameters
certificate: Specifies the certificate authentication mode.
Usage guidelines
Operating mechanism
RESTful access over HTTPS supports the following authentication modes:
· Username+password—A RESTful client must log in to the device by entering a valid username and password on the login page.
· Digital certificate—A RESTful client automatically logs in to the device after its certificate authentication passes. In this authentication mode, the device obtains the common name (CN) from the certificate and uses it as the username. If the username already exists on the device (added by using the local-user command), the client is allowed to log in.
Prerequisites
When you specify the certificate authentication mode, you must perform the following tasks:
· Configure a PKI domain and import the RESTful client's certificate to the PKI domain by using the pki import command. For more information about PKI, see Security Configuration Guide.
· Configure an SSL server policy:
¡ Specify the PKI domain used by the policy by using the pki-domain command.
¡ Enable digital certificate-based authentication for SSL clients by using the client-verify enable command.
· Apply the SSL server policy to the RESTful access over HTTPS service by using the restful https ssl-server-policy command.
Examples
# Perform the following tasks, specify the digital certificate authentication mode, and specify the username used for RESTful access as user1 (HTTPS service type).
1. Configure SSL server policy test_ssl:
a. Specify the PKI domain used by the policy as test_pki by using the pki-domain command.
b. (Optional.) Specify the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA.
c. Enable digital certificate-based authentication for SSL clients by using the client-verify enable command.
2. Apply the SSL server policy to the RESTful access over HTTPS service.
3. Enable RESTful over HTTPS.
<Sysname> system-view
[Sysname] ssl server-policy test_ssl
[Sysname-ssl-server-policy-test_ssl] pki-domain test_pki
[Sysname-ssl-server-policy-test_ssl] ciphersuite rsa_aes_256_cbc_sha
[Sysname-ssl-server-policy-test_ssl] client-verify enable
[Sysname-ssl-server-policy-test_ssl] quit
[Sysname] restful https ssl-server-policy test_ssl
[Sysname] restful https enable
[Sysname] restful https authentication-mode certificate
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] service-type https
Related commands
client-verify (Security Command Reference)
pki import (Security Command Reference)
pki-domain (Security Command Reference)
ssl server-policy (Security Command Reference)
restful https enable
Use restful https enable to enable RESTful over HTTPS.
Use undo restful https enable to disable RESTful over HTTPS.
Syntax
restful https enable
undo restful https enable
Default
RESTful over HTTPS is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For users to manage the device through the HTTPS-based RESTful API, you must enable RESTful over HTTPS.
Examples
# Enable RESTful over HTTPS.
<Sysname> system-view
[Sysname] restful https enable
restful https port
Use restful https port to specify the service port number for RESTful access over HTTPS.
Use undo restful https port to restore the default.
Syntax
restful https port port-number
undo restful https port
Default
The service port number for RESTful access over HTTPS is 443.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
When RESTful access over HTTPS is enabled, changing the service port number re-enables the service and closes all RESTful access over HTTPS connections. To log in again, users must use the new port number.
Examples
# Set the service port number to 1000 for RESTful access over HTTPS.
<Sysname> system-view
[Sysname] restful https port 1000
restful https ssl-server-policy
Use restful https ssl-server-policy to apply an SSL server policy to the RESTful access over HTTPS service.
Use undo restful https ssl-server-policy to restore the default.
Syntax
restful https ssl-server-policy policy-name
undo restful https ssl-server-policy
Default
No SSL server policy is applied to the RESTful access over HTTPS service.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL server policy name, a string of 1 to 31 characters.
Usage guidelines
The RESTful access over HTTPS service will use the SSL server policy to enhance service security. For more information about SSL server policies, see SSL configuration in Security Configuration Guide.
You can configure this command only when RESTful access over HTTPS is disabled.
This command takes effect after you enable RESTful access over HTTPS.
If you execute this command multiple times, the most recent configuration takes effect.
After the RESTful access over HTTPS service is enabled, changes to the applied SSL server policy take effect only on HTTPS connections established after the changes. These changes do not take effect on existing HTTPS connections.
Examples
# Apply SSL server policy myssl to the RESTful access over HTTPS service.
<Sysname> system-view
[Sysname] restful https ssl-server-policy myssl
Related commands
restful https enable
ssl server-policy (Security Command Reference)
