Configuring Secure Socket Layer (SSL)

Terminology

Self-Signed Certificate: A certificate not verified by a third-party certificate authority (CA). Self-signed certificates provide a reduced level of security compared to a CA-signed certificate.

CA-Signed Certificate: A certificate verified by a third-party certificate authority (CA). Authenticity of CA-signed certificates can be verified by an audit trail leading to a trusted root certificate.

Root Certificate: A trusted certificate used by certificate authorities to sign certificates (CA-Signed Certificates) and used later to verify the authenticity of those signed certificates. Trusted certificates are distributed as an integral part of most popular web clients (see the browser documentation for which root certificates are pre-installed).

Manager Level: Manager privileges on the switch.

Operator Level: Operator privileges on the switch.

Local password or username: A Manager-level or Operator-level password configured in the switch.

SSL Enabled: (1) A certificate key pair has been generated on the switch (web interface or CLI command: crypto key generate cert [key size]), (2) a certificate has been generated on the switch (web interface or CLI command: crypto host-cert generate self-signed [arg-list]), and (3) SSL is enabled (web interface or CLI command: web-management ssl). (You can generate a certificate without enabling SSL, but you cannot enable SSL without first generating a certificate.)
