C
HAPTER
14
| Security Measures
Configuring HTTPS
– 297 –
CONFIGURING HTTPS
You can configure the switch to enable the Secure Hypertext Transfer
Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure
access (i.e., an encrypted connection) to the switch’s web interface.
CONFIGURING GLOBAL
SETTINGS FOR HTTPS
Use the Security > HTTPS (Configure Global) page to enable or disable
HTTPS and specify the UDP port used for this service.
CLI REFERENCES
â—† "Web Server" on page 617
COMMAND USAGE
â—† Both the HTTP and HTTPS service can be enabled independently on the
switch. However, you cannot configure both services to use the same
UDP port. (HTTP can only be configured through the CLI using the ip
http server command described on page 618.)
â—† If you enable HTTPS, you must indicate this in the URL that you specify
in your browser: https://device[:port_number]
â—† When you start HTTPS, the connection is established in this way:
â–
The client authenticates the server using the server’s digital
certificate.
â–
The client and server negotiate a set of security protocols to use for
the connection.
â–
The client and server generate session keys for encrypting and
decrypting data.
â—† The client and server establish a secure encrypted connection.
A padlock icon should appear in the status bar for Internet Explorer 5.x
or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above.
â—† The following web browsers and operating systems currently support
HTTPS:
â—† To specify a secure-site certificate, see "Replacing the Default Secure-
site Certificate" on page 298.
Table 20: HTTPS System Support
Web Browser Operating System
Internet Explorer 5.0 or later Windows 98,Windows NT (with service pack 6a),
Windows 2000, Windows XP, Windows Vista, Windows 7
Netscape 6.2 or later Windows 98,Windows NT (with service pack 6a),
Windows 2000, Windows XP, Solaris 2.6
Mozilla Firefox 2.0.0.0 or later Windows 2000, Windows XP, Linux