Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a Web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks.
Use the Secure HTTP Configuration page to configure the settings for HTTPS communication between the management station and the switch. To display the Secure HTTP Configuration page, click Security > Secure HTTP > Configuration in the navigation menu.
Field |
Description |
---|---|
Admin Mode |
Enables or Disables the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is Disable. You can only download SSL certificates when the HTTPS Admin mode is disabled. |
TLS Version 1 |
Enables or Disables Transport Layer Security Version 1.0. The currently configured value is shown when the web page is displayed. The default value is Enable. |
SSL Version 3 |
Enables or Disables Secure Sockets Layer Version 3.0. The currently configured value is shown when the web page is displayed. The default value is Enable. |
HTTPS Port Number |
Sets the HTTPS Port Number. The value must be in the range of 1 to 65535. Port 443 is the default value. The currently configured value is shown when the web page is displayed. |
HTTPS Session Soft Timeout |
Sets the inactivity timeout for HTTPS sessions. The value must be in the range of (1 to 60) minutes. The default value is 5 minutes. The currently configured value is shown when the web page is displayed. |
HTTPS Session Hard Timeout |
Sets the hard timeout for HTTPS sessions. This timeout is unaffected by the activity level of the session. The value must be in the range of (1 to 168) hours. The default value is 24 hours. The currently configured value is shown when the web page is displayed. |
Maximum Number of HTTPS Sessions |
Sets the maximum allowable number of HTTPS sessions. The value must be in the range of (0 to 16). The default value is 16. The currently configured value is shown when the web page is displayed. |
Certificate Present? |
Displays True if present /False if the certificate not present. |
Certificate Generation Status |
Displays the generation status of the certificate in progress/failed. |
For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate. The switch can generate its own certificates, or you can generate these externally and download them to the switch.
To have the switch generate the certificates:
Before you download a file to the switch, the following conditions must be true:
Use the following procedures to download an SSL certificate.
NOTE: The Download Certificates button is only available if the HTTPS admin mode is disabled. If the mode is enabled, disable it and click Submit. When the page refreshes, the Download Certificates button appears.