Getting A Digital Certificate; Securing Access To The Command Line Interface - 3Com SuperStack 3 3812 Implementation Manual

76 C 10: M
HAPTER
Getting a Digital
Certificate
Securing Access to
the Command Line
Interface
Y N S
AKING OUR ETWORK ECURE
Once you have set up your Switch to support HTTPS, you can optionally
stop unencrypted administration by redirecting HTTP accesses (port 80) to
port 443 (the port used by HTTPS). The Switch can be configured to
redirect all attempts to administer the Web interface.
Before accessing your Switch using HTTPS, you need an digital certificate
which is used to identify your Switch. The Switch uses certificates that
adhere to the following X.509 standard.
If you have the software to generate an X.509 certificate, you can
self-certify your Switch. Administrators will be warned that the certificate
has not been certified by a Certificate Authority (CA) but security will not
be otherwise affected.
If you cannot generate an X.509 certificate yourself, you can buy one
from one of the Certifying Authorities or your ISP. Each Switch will require
its own X.509 certificate.
Your Switch supports Secure Shell (SSH), allowing secure access to the
Command Line Interface of the Switch.
If you use SSH to administer your Switch and the network traffic is
intercepted, no passwords or configuration information will be visible in
the data. To securely adminster the Switch using the Command Line
Interface you need a Telnet/SSH client. You do not need a digital
certificate as your Switch can generate its own.
To administer your Switch using SSH, start your Telnet/SSH client and
enter the IP address of your Switch.
If your Telnet/SSH application supports both encrypted and unencrypted
modes, make sure that you have SSH encryption set.
At time of writing, the Telnet client supplied with Windows does not
support SSH.