Configuring Secure Socket Layer (SSL)

Configuring the Switch for SSL Operation

The installation of a CA-signed certificate involves interaction with other entities and consists of three phases. The first phase is the creation of the CA certificate request, which is then copied off from the switch for submission to the certificate authority. The second phase is the actual submission process that involves having the certificate authority verify the certificate request and then digitally signing the request to generate a certificate response (the usable server host certificate). The third phase is the download phase consisting of pasting to the switch web server the certificate response, which is then validated by the switch and put into use by enabling SSL

To generate a certificate request from the web browser interface:

i.Select the Security tab, then select the [SSL] button

ii.Select the Create Certificate/Certificate Request radio button.iii.Select Create CA Request from the Certificate Type drop-down list.

iv.Select the key size from the RSA Key Size drop-down list. If you wish to re-use the current certificate key, select Current from the RSA Key Size drop-down list.

v.Fill in remaining certificate arguments (Refer to “Comments on Certificate Fields.” on page 7-10.)

vi.Click on [Apply Changes] to create the certificate request. A new web browser page appears, consisting of two text boxes. The switch uses the upper text box for the certificate request text. The lower text box appears empty. You will use it for pasting in the certificate reply after you receive it from the certificate authority. (This authority must return a non- PEM encoded certificate request reply.

vii.After the certificate authority processes your request and sends you a certificate reply (that is, an installable certificate), copy and paste it into the lower text box.

viii.Click on the [Apply Changes] button to install the certificate.

7-16