Enabling And Disabling Ssl - Extreme Networks ExtremeWare XOS Guide Manual

Security
HTTPS access is provided through SSL and the Transport Layer Security (TLS1.0). These protocols
enable clients to verify the authenticity of the server to which they are connecting, thereby ensuring that
users are not compromised by intruders.
Similar to SSH2, before you can use any SSL commands, you must first download and install the
separate Extreme Networks SSH software module (ssh.xmod). This additional module allows you to
configure both SSH2 and SSL on the switch. SSL is packaged with the SSH module; therefore, if you do
not install the module, you are unable to configure SSL. If you try to execute SSL commands without
installing the module first, the switch notifies you to download and install the module. To install the
module, see the instructions in
You must upload or generate a certificate for SSL server use. Before you can upload a certificate, you
must purchase and obtain an SSL certificate from an Internet security vendor. The following security
algorithms are supported:
RSA for public key cryptography (generation of certificate and public-private key pair, certificate
●
signing). RSA key size between 1024 and 4096 bits.
Symmetric ciphers (for data encryption): RC4, DES, and 3DES.
●
Message Authentication Code (MAC) algorithms: MD5 and SHA.
●
The Converged Network Analyzer (CNA) Agent requires SSL to encrypt communication between the
CNA Agent and the CNA Server. For more information about the CNA Agent, see
Agent."
This section describes the following topics:
Enabling and Disabling SSL on page 340
●
Creating Certificates and Private Keys on page 341
●
Displaying SSL Information on page 343
●

Enabling and Disabling SSL

This section describes how to enable and disable SSL on your switch.
NOTE
Prior to ExtremeWare XOS 11.2, the Extreme Networks SSH module did not include SSL. To use SSL for secure
HTTPS web-based login, you must upgrade your core software image to ExtremeWare XOS 11.2 or later, install the
SSH module that works in concert with that core software image, and reboot the switch.
Please keep in mind the following guidelines when using SSL:
To use SSL with web-based login (secure HTTP access, HTTPS) you must specify the HTTPS
●
protocol when configuring the redirect URL.
If you are downloading the SSH module for the first time and want to immediately use SSL for
●
secure HTTPS web-based login, restart the
detailed information about activating the SSH module, see
Appendix
To enable SSL and allow secure HTTP (HTTPS) access on the default port (443), use the following
command:
enable web https
340
Appendix
A.
A, "Software Upgrade and Boot
process after installing the SSH module. For more
thttpd
"Guidelines for Activating SSL"
Options."
Appendix C, "CNA
in
ExtremeWare XOS 11.3 Concepts Guide