User Authentication

3-73

3

Configuring HTTPS

You can configure the switch to enable the Secure Hypertext Transfer Protocol
(HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an
encrypted connection) to the switch’s web interface.
Command Usage
Both the HTTP and HTTPS service can be enabled independently on the switch.
However, you cannot configure both services to use the same UDP port. (HTTP
can only be configured through the CLI using the ip http server command
described on 4-100.)
If you enable HTTPS, you must indicate this in the URL that you specify in your
browser: https://device[:port_number]
When you start HTTPS, the connection is established in this way:
- The client authenticates the server using the server’s digital certificate.
- The client and server negotiate a set of security protocols to use for the
connection.
- The client and server generate session keys for encrypting and decrypting data.
The client and server establish a secure encrypted connection.
A padlock icon should appear in the status bar for Internet Explorer 5.x or above,
Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above.
The following web browsers and operating systems currently support HTTPS:
To specify a secure-site certificate, see "Replacing the Default Secure-site
Certificate" on page 3-74.
Command Attributes
HTTPS Status – Allows you to enable/disable the HTTPS server feature on the
switch. (Default: Enabled)
Change HTTPS Port Number – Specifies the UDP port number used for HTTPS
connection to the switch’s web interface. (Default: Port 443)
Table 3-6 HTTPS System Support
Web Browser Operating System
Internet Explorer 5.0 or later Windows 98,Windows NT (with service pack 6a),
Windows 2000, Windows XP
Netscape 6.2 or later Windows 98,Windows NT (with service pack 6a),
Windows 2000, Windows XP, Solaris 2.6
Mozilla Firefox 2.0.0.0 or later Windows 2000, Windows XP, Linux