Configuring Secure Socket Layer (SSL)
Prerequisite for Using SSL
■ CA-Signed Certificate: A certificate verified by a third party certif-
icate authority (CA). Authenticity of CA-Signed certificates can be
verified by an audit trail leading to a trusted root certificate.
■ Root Certificate: A trusted certificate used by certificate authori-
ties to sign certificates (CA-Signed Certificates) and used later on to
verify that authenticity of those signed certificates. Trusted certifi-
cates are distributed as an integral part of most popular web clients.
(see browser documentation for which root certificates are pre-
installed).
■ Manager Level: Manager privileges on the switch.
■ Operator Level: Operator privileges on the switch.
■ Local password or username: A Manager-level or Operator-level
password configured in the switch.
■ SSL Enabled: (1)A certificate key pair has been generated on the
switch (web interface or CLI command: crypto key generate cert
[key size] (2) A certificate been generated on the switch (web
interface or CLI command: crypto host-cert generate self-signed
[arg-list]) and (3) SSL is enabled (web interface or CLI command:
web-management ssl). (You can generate a certificate without
enabling SSL, but you cannot enable SSL without first generating a
Certificate.
Prerequisite for Using SSL
Before using the switch as an SSL server, you must install a publicly or
commercially available SSL enabled web browser application on the com-
puter(s) you use for management access to the switch.
Steps for Configuring and Using SSL for
Switch and Client Authentication
The general steps for configuring ssl include:
A. Client Preparation
5-4
