Introduction To Https - ZyXEL Communications XGS1930-38 User Manual

Host Identification
1
The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The
client encrypts a randomly generated session key with the host key and server key and sends the result
back to the server.
The client automatically saves any new server public keys. In subsequent connections, the server public
key is checked against the saved version on the client computer.
Encryption Method
2
Once the identification is verified, both the client and server must agree on the type of encryption
method to use.
Authentication and Data Transmission
3
After the identification is verified and data encryption activated, a secure tunnel is established between
the client and the server. The client then sends its authentication information (user name and password)
to the server to log in to the server.
36.7.2.2 SSH Implementation on the Switch
Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES
and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on
port 22. Only one SSH connection is allowed at a time.
36.7.2.3 Requirements for Using SSH
You must install an SSH client program on a client computer (Windows or Linux operating system) that is
used to connect to the Switch over SSH.

36.7.3 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that
encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that
enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the
transferred data), authentication (one party can identify the other party) and data integrity (you know if
data has been changed).
It relies upon certificates, public keys, and private keys.
HTTPS on the Switch is used so that you may securely access the Switch using the web configurator. The
SSL protocol specifies that the SSL server (the Switch) must always authenticate itself to the SSL client (the
computer which requests the HTTPS connection with the Switch), whereas the SSL client only should
authenticate itself when the SSL server requires it to do so. Authenticating client certificates is optional
and if selected means the SSL-client must send the Switch a certificate. You must apply for a certificate
for the browser from a Certificate Authority (CA) that is a trusted CA on the Switch.
Please refer to the following figure.
HTTPS connection requests from an SSL-aware web browser go to port 443 (by default) on the Switch's
1
WS (web server).
HTTP connection requests from a web browser go to port 80 (by default) on the Switch's WS (web
2
server).
Chapter 36 Access Control
XGS1930 Series User's Guide
302