74 CHAPTER 4: MANAGING DEVICE SECURITY
Encrypting Connection to the Web Interface (HTTPS)HTTPS allows secure access to the Web interface of the switch. If you
administer your switch remotely or over an insecure network, the switch
can encrypt all HTTP traffic to and from the Web interface using the
Secure Sockets Layer (SSL) of HTTP. If your network traffic is intercepted,
no passwords or configuration information will be visible in the data.
To use HTTPS you need the following:
■A browser that supports SSL
■A digital certificate installed on the switch
The switch ships with a default certificate installed. This certificate has not
been validated by a Certifying Authority and your browser may warn you
that the certificate has not been certified. Using a properly validated
certificate provides a higher level of security than the default certificate.
You can securely browse your switch by using the HTTPS (HTTP over SSL)
protocol. To access the Web interface securely, enter the following into
your browser:
https://xxx.xxx.xxx.xxx/
where xxx.xxx.xxx.xxx is the IP address of your switch.
Both HTTP and HTTPS service can be enabled independently on the
switch. However, you cannot configure the HTTP and HTTPS servers to
use the same TCP port.
If you enable HTTPS, you must indicate this in the URL that you specify in
your browser and specify the port number if not using the default value:
https://device[:port_number]
When you start HTTPS, the connection is established in this way:
■The client authenticates the server using the server’s digital certificate.
■The client and server negotiate a set of security protocols to use for
the connection.
■The client and server generate session keys for encrypting and
decrypting data.