Secure HTTP

Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a Web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.

Secure HTTP Configuration

Use the Secure HTTP Configuration page to configure the settings for HTTPS communication between the management station and the switch. To display the Secure HTTP Configuration page, click Security > Secure HTTP > Configuration in the navigation menu.

Secure HTTP Configuration Fields

| Field | Description |
|---|---|
| Admin Mode | Enables or disables the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is Disable. You can only download SSL certificates when the HTTPS Admin mode is disabled. |
| TLS Version 1 | Enables or disables Transport Layer Security Version 1.0. The currently configured value is shown when the web page is displayed. The default value is Enable. |
| SSL Version 3 | Enables or disables Secure Sockets Layer Version 3.0. The currently configured value is shown when the web page is displayed. The default value is Enable. |
| HTTPS Port Number | Sets the HTTPS port number. The value must be in the range of 1 to 65535. Port 443 is the default value. The currently configured value is shown when the web page is displayed. |
| HTTPS Session Soft Timeout | Sets the inactivity timeout for HTTPS sessions. The value must be in the range of 1 to 60 minutes. The default value is 5 minutes. The currently configured value is shown when the web page is displayed. |
| HTTPS Session Hard Timeout | Sets the hard timeout for HTTPS sessions. This timeout is unaffected by the activity level of the session. The value must be in the range of 1 to 168 hours. The default value is 24 hours. The currently configured value is shown when the web page is displayed. |
| Maximum Number of HTTPS Sessions | Sets the maximum allowable number of HTTPS sessions. The value must be in the range of 0 to 16. The default value is 16. The currently configured value is shown when the web page is displayed. |
| Certificate Present? | Displays True if a certificate is present, or False if no certificate is present. |
| Certificate Generation Status | Displays the status of certificate generation (in progress/failed). |

For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate. The switch can generate its own certificates, or you can generate these externally and download them to the switch.
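
The field ranges, defaults and certificate requirement described above, expressed as a pre-change audit in Python. This is an added example, not part of the original documentation or the switch firmware; the dictionary keys are hypothetical names for the page's fields, and the deprecation warnings come from RFC 7568 and RFC 8996 rather than from this page.

```python
# Added example, not vendor code. Dict keys are hypothetical names for the
# fields in the table above; ranges and defaults are the documented ones.
RANGES = {
    "https_port": (1, 65535),
    "soft_timeout_min": (1, 60),
    "hard_timeout_hr": (1, 168),
    "max_sessions": (0, 16),
}
DEFAULTS = {
    "admin_mode": False, "tls1": True, "ssl3": True, "certificate_present": False,
    "https_port": 443, "soft_timeout_min": 5, "hard_timeout_hr": 24,
    "max_sessions": 16,
}


def audit(settings):
    """Return (severity, message) findings for one switch's planned settings."""
    cfg = {**DEFAULTS, **settings}  # unset fields keep the documented default
    findings = []
    for key, (low, high) in RANGES.items():
        value = cfg[key]
        # bool is a subclass of int in Python, so reject it explicitly.
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not low <= value <= high:
            findings.append(("error", f"{key}={value!r} not in {low}-{high}"))
    if cfg["admin_mode"]:
        if not cfg["certificate_present"]:
            findings.append(("error", "HTTPS enabled without a certificate"))
        # Assumption: these two toggles are the only protocol versions offered.
        if not (cfg["tls1"] or cfg["ssl3"]):
            findings.append(("error", "HTTPS enabled with no protocol version"))
        if cfg["ssl3"]:
            findings.append(("warn", "SSL 3.0 enabled (deprecated, RFC 7568)"))
        if cfg["tls1"]:
            findings.append(("warn", "TLS 1.0 enabled (deprecated, RFC 8996)"))
    return findings


# Constructed sample inputs: factory defaults with HTTPS switched on, and a
# tightened profile with a certificate loaded and SSL 3.0 off.
FACTORY_ON = {"admin_mode": True}
TIGHTENED = {"admin_mode": True, "certificate_present": True, "ssl3": False,
             "soft_timeout_min": 5, "hard_timeout_hr": 8, "max_sessions": 4}

if __name__ == "__main__":
    for name, cfg in (("factory+on", FACTORY_ON), ("tightened", TIGHTENED)):
        print(name, audit(cfg))
```

Because the page offers only SSL 3.0 and TLS 1.0, the tightened profile still reports the TLS 1.0 warning.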

Generating Certificates

To have the switch generate the certificates:

  1. Click Generate Certificates. The page refreshes with the message “Certificate generation in progress”.
  2. Click Submit to complete the process. The page refreshes with the message “No certificate generation in progress” and the Certificate Present field displays as “True”.

Downloading SSL Certificates

Before you download a file to the switch, the following conditions must be true:

Use the following procedures to download an SSL certificate.

  1. Click the Download Certificates button at the bottom of the page. The Download Certificates button links to the File Download page.

    NOTE: The Download Certificates button is only available if the HTTPS admin mode is disabled. If the mode is enabled, disable it and click Submit. When the page refreshes, the Download Certificates button appears.

  2. From the File Type field on the File Download page, select one of the following types of SSL files to download:
  3. Verify the IP address of the TFTP server and ensure that the software image or other file to be downloaded is available on the TFTP server.
  4. Complete the TFTP Server IP Address and TFTP File Name (full path without TFTP server IP address) fields.
  5. Select the Start File Transfer check box, and then click Submit. After you click Submit, the screen refreshes and a “File transfer operation started” message appears. After the software is downloaded to the device, a message appears indicating that the file transfer operation completed successfully.
  6. To return to the Secure HTTP Configuration page, click Security > Secure HTTP > Configuration in the navigation menu.
  7. To enable the HTTPS admin mode, select Enable from the HTTPS Admin Mode field, and then click Submit.

See Also

Managing Device Security

RADIUS Settings

TACACS+ Settings

Secure Shell