9-6
Configuring Secure Socket Layer (SSL)
Configuring the Switch for SSL Operation
Configuring the Switch for SSL 
Operation
1. Assigning a Local Login (Operator) and
 Enabling (Manager) Password
At a minimum, HP recommends that you always assign at least a Manager 
password to the switch. Otherwise, under some circumstances, anyone with 
Telnet, web, or serial port access could modify the switch’s configuration.
Using the WebAgent To Configure Local Passwords.  You can configure 
both the Operator and Manager password in the WebAgent. To access the 
WebAgent, refer to the chapter titled “Using the HP WebAgent” in the Basic 
Operation Guide for your switch.
 2. Generating the Switch’s Server Host Certificate 
You must generate a server certificate on the switch before enabling SSL. The 
switch uses this server certificate, along with a dynamically generated session 
key pair to negotiate an encryption method and session with a browser trying 
to connect via SSL to the switch. (The session key pair mentioned above is 
not visible on the switch. It is a temporary, internally generated pair used for 
a particular switch/client session, and then discarded.) 
SSL-Related CLI Commands in This Section Page
web-management ssl page 9-16
show config page 9-16
show crypto host-cert page 9-10
crypto key 
generate cert rsa bits <1024 | 2048> page 9-8
zeroize cert page 9-8
crypto host-cert 
generate self-signed [arg-list] page 9-8
zeroize page 9-8