Configuring HTTPS
Configuring Global
Settings for HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol
(HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an
encrypted connection) to the switch's web interface.
Use the Security > HTTPS (Configure Global) page to enable or disable HTTPS and
specify the TCP port used for this service.
Command Usage
◆
Both the HTTP and HTTPS service can be enabled independently on the switch.
However, you cannot configure both services to use the same TCP port. (HTTP
can only be configured through the CLI using the "ip http server" command
described in the CLI Reference Guide.)
◆
If you enable HTTPS, you must indicate this in the URL that you specify in your
browser: https://device[:port_number]
◆
When you start HTTPS, the connection is established in this way:
The client authenticates the server using the server's digital certificate.
■
The client and server negotiate a set of security protocols to use for the
■
connection.
The client and server generate session keys for encrypting and decrypting
■
data.
◆
The client and server establish a secure encrypted connection.
A padlock icon should appear in the status bar for Internet Explorer 9, Mozilla
Firefox 39, or Google Chrome 44, or more recent versions.
◆
The following web browsers and operating systems currently support HTTPS:
Table 16: HTTPS System Support
Web Browser
Internet Explorer 9.x or later
Mozilla Firefox 39 or later
Google Chrome 44 or later
◆
To specify a secure-site certificate, see
Certificate" on page
Note:
Connection to the web interface is not supported for HTTPS using an IPv6
link local address.
Operating System
Windows 7, 8, 10
Windows 7, 8, 10, Linux
Windows 7, 8, 10
"Replacing the Default Secure-site
252.
– 251 –
Chapter 12
| Security Measures
Configuring HTTPS