Filter
Top Products
User Authentication
60
NXA-ENET24 - Software Management Guide
Configuring HTTPS - Web
Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Configuring HTTPS - CLI
CLI – This example enables the HTTP secure server and modifies the port number.
Replacing the Default Secure-Site Certificate
When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL)
certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be
associated with a warning that the site is not recognized as a secure site. This is because the certificate has not
been signed by an approved certification authority.
If you want this warning to be replaced by a message confirming that the connection to the switch is secure,
you must obtain a unique certificate and a private key and password from a recognized certification authority.
When you have obtained these, place them on your TFTP server, and use the following command at the
switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:
Configuring the Secure Shell
The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools
have also been implemented for Microsoft Windows and other environments. These tools, including
commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile
attacks.
The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older
Berkley remote access tools. SSH can also provide remote management access to this switch as a secure
replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a
public-key that the client uses along with a local user name and password for access authentication. SSH also
encrypts all data transfers passing between the switch and SSH-enabled management station clients, and
ensures that data traveling over the network arrives unaltered.
FIG. 54 Web - HTTPS Settings
FIG. 55 CLI - HTTPS Settings
For maximum security, we recommend you obtain a unique Secure Sockets Layer
certificate at the earliest opportunity. This is because the default certificate for the
switch is not unique to the hardware you have purchased.
FIG. 56 CLI - Replacing the default Secure-Site Certificate
The switch must be reset for the new certificate to be activated. To reset the switch,
type: Console#reload