Replacing The Default Secure-Site Certificate; Configuring The Secure Shell - Enterasys Matrix-V V2H124-24 Configuration Manual
Matrix v-series fast ethernet switch
Hide thumbs
Also See for Matrix-V V2H124-24:
- Quick reference manual (2 pages) ,
- Hardware installation manual (76 pages)
Table of Contents
Advertisement
3
Configuring the Switch
Replacing the Default Secure-site Certificate
When you log onto the web interface using HTTPS (for secure access), a Secure
Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that
Netscape and Internet Explorer display will be associated with a warning that the
site is not recognized as a secure site. This is because the certificate has not been
signed by an approved certification authority. If you want this warning to be replaced
by a message confirming that the connection to the switch is secure, you must
obtain a unique certificate and a private key and password from a recognized
certification authority.
Caution: For maximum security, we recommend you obtain a unique Secure Sockets
Layer certificate at the earliest opportunity. This is because the default
certificate for the switch is not unique to the hardware you have purchased.
When you have obtained these, place them on your TFTP server, and use the
following command at the switch's command-line interface to replace the default
(unrecognized) certificate with an authorized one:
Console#copy tftp https-certificate
TFTP server ip address: <server ip-address>
Source certificate file name: <certificate file name>
Source private file name: <private key file name>
Private password: <password for private key>
Note: The switch must be reset for the new certificate to be activated. To reset the
switch, type:
Configuring the Secure Shell
The Berkley-standard includes remote access tools originally designed for Unix
systems. Some of these tools have also been implemented for Microsoft Windows
and other environments. These tools, including commands such as rlogin (remote
login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
The Secure Shell (SSH) includes server/client applications intended as a secure
replacement for the older Berkley remote access tools. SSH can also provide
remote management access to this switch as a secure replacement for Telnet.
When the client contacts the switch via the SSH protocol, the switch generates a
public-key that the client uses along with a local user name and password for access
authentication. SSH also encrypts all data transfers passing between the switch and
SSH-enabled management station clients, and ensures that data traveling over the
network arrives unaltered.
Note that you need to install an SSH client on the management station to access the
switch for management via the SSH protocol.
Note: The switch supports both SSH Version 1.5 and 2.0.
3-58
Console#reload
4-66
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
