Configuring Secure Socket Layer (SSL)
Terminology
■ Self-Signed Certificate: A certificate not verified by a third-party
certificate authority (CA). Self-signed certificates provide a reduced
level of security compared to a CA-signed certificate.
■ CA-Signed Certificate: A certificate verified by a third party certif-
icate authority (CA). Authenticity of CA-Signed certificates can be
verified by an audit trail leading to a trusted root certificate.
■ Root Certificate: A trusted certificate used by certificate authorities
to sign certificates (CA-Signed Certificates) and used later on to verify
that authenticity of those signed certificates. Trusted certificates are
distributed as an integral part of most popular web clients. (see
browser documentation for which root certificates are pre-installed).
■ Manager Level: Manager privileges on the switch.
■ Operator Level: Operator privileges on the switch.
■ Local password or username: A Manager-level or Operator-level
password configured in the switch.
■ SSL Enabled: (1) A certificate key pair has been generated on the
switch (web interface or CLI command: crypto key generate cert
[key size] (2) A certificate been generated on the switch (web
interface or CLI command: crypto host-cert generate self-signed
[arg-list]) and (3) SSL is enabled (web interface or CLI command:
web-management ssl). (You can generate a certificate without
enabling SSL, but you cannot enable SSL without first generating a
Certificate.
7-4