7-16
Configuring Secure Socket Layer (SSL)
Configuring the Switch for SSL Operation
The installation of a CA-signed certificate involves interaction with other
entities and consists of three phases. The first phase is the creation of the CA
certificate request, which is then copied off from the switch for submission to
the certificate authority. The second phase is the actual submission process
that involves having the certificate authority verify the certificate request and
then digitally signing the request to generate a certificate response (the usable
server host certificate). The third phase is the download phase consisting of
pasting to the switch web server the certificate response, which is then
validated by the switch and put into use by enabling SSL.
To generate a certificate request from the web browser interface:
i. Select the Security tab, then the
[SSL] button.
ii. Select the Create Certificate/Certificate Request
radio button.
iii. Select Create CA Request from the Certificate Type drop-down list.
iv. Select the key size from the RSA Key Size drop-down list. If you
want to re-use the current certificate key, select Current from this
list.
v. Fill in the remaining certificate arguments. (Refer to “Comments
on Certificate Fields.” on page 7-11.)
vi. Click on
[Apply Changes] to create the certificate request. A new
web browser page appears, consisting of two text boxes. The
switch uses the upper text box for the certificate request text. The
lower text box appears empty. You will use it for pasting in the
certificate reply after you receive it from the certificate authority.
(This authority must return a none-PEM encoded certificate
request reply.)
vii. After the certificate authority processes your request and sends
you a certificate reply (that is, an installable certificate), copy and
paste the certificate into the lower text box.
viii. Click on the
[Apply Changes] button to install the certificate.