Table of Contents
Advertisement
After validating the CA, the browser and switch negotiate the highest level of security available
■
to both. The browser uses the public key to encrypt a random number and send it to the switch.
The switch uses a private key stored in memory (not advertised on the certificate) to decrypt
it. From this process, the browser and switch determine an algorithm for encrypting and
decrypting all further communication during the HTTPS session.
To enable secure HTTPS connections via SSL, the HTTPS Admin mode must be enabled on the switch,
and the Web server must have a public key certificate. The switch can generate its own certificates, or
you can generate these externally and download them to the switch.
Certificates generated by the switch are self-signed; that is., the validity of the information
■
provided in the certificate is attested to by the switch itself.
■
Downloaded certificates can also be self-signed (by a server other than the switch), or they
can be root certificates. A root certificate has been digitally signed by a CA, and is therefore
considered to provide a higher level of security.
You can also download the encryption parameter files that provide algorithms for encrypting the key
exchanges.
To manage HTTP parameters and certificates, you use both the Secure Connection page and the Update
Manager page. To display the Secure Connection page, click Security > Secure Connection in the
navigation pane.
Figure 5-2. Secure Connection
Table 5-2. Secure Connection Fields
Field
HTTPS Admin Mode
Session Soft Timeout
Session Hard Timeout
Certificate Present?
Certificate Generation Status
Description
Select Enable to allow secure HTTPS sessions. (Verify that the Certificate Present
field is set to True.)
Select Disable to prevent HTTPS sessions, even if a certificate is present.
Specify the number of minutes after which an HTTPS session times-out if there is no
user activity.
Specify the number of minutes after which an HTTPS session times-out, regardless
of recent user activity.
True—A certificate is available for use with HTTPS sessions.
False—No certificate is available on the switch.
Indicates that a certificate is being generated or that no certificate generation is in
progress.
Security
Secure Connection
5-3
Hide quick links:
Advertisement
Table of Contents
