Filter
Top Products
Chapter 86: Secure HTTPS Web Browser Server
1334
Overview
The switch has a web browser server for remote management of the unit
with a web browser application from management workstations on your
network. The server has a secure HTTPS mode and a non-secure HTTP
mode. Web browser management sessions that use the secure HTTPS
mode are protected against snooping because the packets exchanged
between the switch and your management workstations are encrypted.
Only the switch and the workstations are able to decipher the packets.
In contrast, web browser management sessions conducted in the non-
secure HTTP mode are vulnerable to eavesdropping because the packets
are sent in clear text.
This chapter explains how to configure the switch for the secure HTTPS
mode. For directions on the non-secure mode, refer to Chapter 84, “Non-
secure HTTP Web Browser Server” on page 1321.
Certificates When you initiate an HTTPS connection from your management
workstation to the switch, the switch responds by sending a certificate to
your workstation. This file contains the encryption key that the two devices
use to encrypt and decrypt their packets to each other. Also included in
the certificate is a distinguished name that identifies the owner of the
certificate, which in the case of a certificate for your switch, is the switch
itself and your company.
The switch does not come with a certificate. You have to create it, along
with the encryption key and distinguished name, as part of the HTTPS
configuration process.
There are two ways to create the certificate. The quickest and easiest way
is to have the switch create it itself. This type of certificate is called a self-
signed certificate because the switch authenticates the certificate itself.
Another option is to create the encryption key and have someone else
issue the certificate. That person, group, or organization is called a
certification authority (CA), of which there are public and private CAs. A
public CA issues certificates typically intended for use by the general
public, for other companies or organizations. Public CAs require proof of
the identify of the company or organization before they will issue a
certificate. VeriSign is an example of a public CA.
Because the certificate for the switch is not intended for general use and
will only be used by you and other network managers to manage the
device, having a public CA issue the certificate will probably be
unnecessary.
Some large companies have private CAs. This is a person or group that is
responsible for issuing certificates for the company’s network equipment.