Configuring Secure Socket Layer (SSL)

Prerequisite for Using SSL

CA-Signed Certificate: A certificate verified by a third party certif- icate authority (CA). Authenticity of CA-Signed certificates can be verified by an audit trail leading to a trusted root certificate.

Root Certificate: A trusted certificate used by certificate authori-

ties to sign certificates (CA-Signed Certificates) and used later on to verify that authenticity of those signed certificates. Trusted certifi-

cates are distributed as an integral part of most popular web clients. (see browser documentation for which root certificates are pre-

installed).

Manager Level: Manager privileges on the switch.

Operator Level: Operator privileges on the switch.

Local password or username: A Manager-level or Operator-level password configured in the switch.

SSL Enabled: (1)A certificate key pair has been generated on the

switch (web interface or CLI command: crypto key generate cert [key size] (2) A certificate been generated on the switch (web interface or CLI command: crypto host-cert generate self-signed[arg-list]) and (3) SSL is enabled (web interface or CLI command: web-management ssl). (You can generate a certificate without enabling SSL, but you cannot enable SSL without first generating a Certificate.

Prerequisite for Using SSL

Before using the switch as an SSL server, you must install a publicly or commercially available SSL enabled web browser application on the com- puter(s) you use for management access to the switch.

Steps for Configuring and Using SSL for

Switch and Client Authentication

The general steps for configuring ssl include:

A. Client Preparation

5-4

Page 116
Image 116
HP 4100gl manual Prerequisite for Using SSL, General steps for configuring ssl include Client Preparation