Security
Secure Connection
■ After validating the CA, the browser and switch negotiate the highest level of security available 
to both. The browser uses the public key to encrypt a random number and send it to the switch. 
The switch uses a private key stored in memory (not advertised on the certificate) to decrypt 
it. From this process, the browser and switch determine an algorithm for encrypting and 
decrypting all further communication during the HTTPS session.
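The exchange described above, carried through on both sides as an added example (not code from the switch or its vendor). It assumes textbook RSA without padding, a constructed toy-sized key pair, and two cleartext nonces that the page does not mention; a real HTTPS session uses a padded, much larger key and the negotiated cipher suite.

```python
import hashlib
import hmac
import secrets

# Constructed toy key pair standing in for the switch's key (two Mersenne primes).
# Far too small for real use; it only keeps the arithmetic readable.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                           # public modulus, published in the certificate
E = 65537                           # public exponent, published in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept in switch memory only


def browser_encrypt_secret(secret: bytes, n: int = N, e: int = E) -> int:
    """Browser side: encrypt the random number with the switch's public key."""
    m = int.from_bytes(secret, "big")
    if m >= n:
        raise ValueError("secret must be smaller than the modulus")
    return pow(m, e, n)


def switch_decrypt_secret(ciphertext: int, length: int) -> bytes:
    """Switch side: recover the random number with the private key."""
    return pow(ciphertext, D, N).to_bytes(length, "big")


def session_key(secret: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Both sides derive the same symmetric session key from the shared secret."""
    label = b"session" + client_nonce + server_nonce   # nonces are an assumption
    return hmac.new(secret, label, hashlib.sha256).digest()


def run_exchange():
    client_nonce = secrets.token_bytes(16)   # sent in the clear
    server_nonce = secrets.token_bytes(16)   # sent in the clear
    secret = secrets.token_bytes(16)         # the browser's random number
    wire = browser_encrypt_secret(secret)    # the only form of it on the network
    recovered = switch_decrypt_secret(wire, len(secret))
    browser_key = session_key(secret, client_nonce, server_nonce)
    switch_key = session_key(recovered, client_nonce, server_nonce)
    return wire, browser_key, switch_key


if __name__ == "__main__":
    wire, browser_key, switch_key = run_exchange()
    print("ciphertext on the wire:", hex(wire))
    print("keys match:", hmac.compare_digest(browser_key, switch_key))
```

Anyone who obtains the private exponent can recover the random number from a captured ciphertext, which is why the private key is stored on the switch and never advertised on the certificate.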
To enable secure HTTPS connections via SSL, the HTTPS Admin mode must be enabled on the switch, 
and the Web server must have a public key certificate. The switch can generate its own certificates, or 
you can generate these externally and download them to the switch. 
■ Certificates generated by the switch are self-signed; that is, the validity of the information 
provided in the certificate is attested to by the switch itself. 
■ Downloaded certificates can also be self-signed (by a server other than the switch), or they 
can be root certificates. A root certificate has been digitally signed by a CA, and is therefore 
considered to provide a higher level of security.
You can also download the encryption parameter files that provide algorithms for encrypting the key 
exchanges. 
To manage HTTP parameters and certificates, you use both the Secure Connection page and the Update 
Manager page. To display the Secure Connection page, click Security > Secure Connection in the 
navigation pane.
Figure 5-2. Secure Connection
Table 5-2. Secure Connection Fields
| Field | Description |
|---|---|
| HTTPS Admin Mode | Select Enable to allow secure HTTPS sessions. (Verify that the Certificate Present field is set to True.) Select Disable to prevent HTTPS sessions, even if a certificate is present. |
| Session Soft Timeout | Specify the number of minutes after which an HTTPS session times out if there is no user activity. |
| Session Hard Timeout | Specify the number of minutes after which an HTTPS session times out, regardless of recent user activity. |
| Certificate Present? | True: A certificate is available for use with HTTPS sessions. False: No certificate is available on the switch. |
| Certificate Generation Status | Indicates that a certificate is being generated or that no certificate generation is in progress. |