Filter
Top Products
S
ECURITY
2-23
CLI Commands
CLI – Enter the following commands to specify the secure port
number and to enable HTTPS.
Replacing the Default Secure-site Certificate
When you log onto the Web interface using HTTPS (for secure
access), a Secure Sockets Layer (SSL) certificate appears for the
switch. By default, the certificate that Netscape and Internet
Explorer display will be associated with a warning that the site is
not recognized as a secure site. This is because the certificate has
not been signed by an approved certification authority. If you
want this warning to be replaced by a message confirming that the
connection to the switch is secure, you must obtain a unique
certificate and a private key and password from a recognized
certification authority.
Note: For maximum security, we recommend you obtain a
unique Secure Sockets Layer certificate at the earliest
opportunity. This is because the default certificate for the
switch is not unique to the hardware you have purchased.
When you have obtained these, place them on your TFTP server,
and use the following command at the switch's command-line
interface to replace the default (unrecognized) certificate with an
authorized one:
Console(config)#ip http secure-server 3-35
Console(config)#ip http secure-port 441 3-36
Console(config)#
Console#copy tftp https-certificate 3-21
TFTP server ip address: <server ip-address>
Source certificate file name: <certificate file name>
Source private file name: <private key file name>
Private password: <password for private key>
b_mgmt.book Page 23 Tuesday, July 8, 2003 5:24 PM