Configuring Secure Socket Layer (SSL)

 

Configuring the Switch for SSL Operation

Table 7-1. Certificate Field Descriptions

 

 

 

Field Name

Description

 

 

Valid Start Date

This should be the date you desire to begin using the SSL

 

 

functionality.

Valid End Date

This can be any future date, however good security practices would

 

suggest a valid duration of about one year between updates of

 

passwords and keys.

Common name

This should be the IP address or domain name associated with the

 

switch. Your web browser may warn you if this field does not match

 

the URL entered into the web browser when accessing the switch

Organization

This is the name of the entity (e.g. company) where the switch is in

 

service.

Organizational

This is the name of the sub-entity (e.g. department) where the

Unit

switch is in service.

City or location

This is the name of the city where switch is in service

State name

This is the name of the state or province where switch is in service

Country code

This is the ISO two-letter country-code where switch is in service

 

 

 

For example, to generate a key and a new host certificate:

Generate New Key

Generate New Certificate

Enter certificate Arguments

Figure 7-3. Example of Generating a Self-Signed Server Host certificate on the CLI for the Switch.

N o t e s

“Zeroizing” the switch’s server host certificate or key automatically disables

 

SSL (sets web-management ssl to No). Thus, if you zeroize the server host

 

certificate or key and then generate a new key and server certificate, you must

 

also re-enable SSL with the web-management ssl command before the switch

 

can resume SSL operation.

 

 

7-11