4.10.1.5 Security-Switch-HTTPS Configuration
The HTTPS Configuration page allows you to configure the HTTPS settings and maintain the current certificate on the switch, as shown in the following figure.
The HTTPS Configuration page has the following parameters:
- Mode: Indicates the HTTPS mode operation. The following are the possible modes:
- Enabled: Enables HTTPS mode operation
- Disabled: Disables HTTPS mode operation
- Automatic Redirect: Indicates the HTTPS redirect mode operation. It is only significant when the Mode option is enabled. When the Automatic Redirect option is enabled, HTTP connections are redirected to HTTPS automatically.
The following are the possible modes:
- Enabled: Enables HTTPS redirect mode operation
- Disabled: Disables HTTPS redirect mode operation
Note: The browser may not allow the redirect operation due to security considerations unless the switch certificate is trusted by the browser. In this case, you need to initiate the HTTPS connection manually.
- Certificate Maintain: The operation of certificate maintenance. The following are the possible operations:
- None: No operation
- Delete: Delete the current certificate
- Upload: Upload a certificate PEM file. Possible methods are Web Browser or URL. The following parameters are to be set when uploading a certificate:
- Certificate Pass Phrase: Enter the pass phrase in this field if the certificate you are uploading is protected by a specific pass phrase.
- Certificate Upload: Upload a certificate PEM file into the switch. The file must contain the certificate and private key together. If you have two separate files for the certificate and the private key, use the Linux® cat command to combine them into a single PEM file. For example, cat my.cert my.key > my.pem
Note: The RSA certificate is recommended as most of the new versions of browsers do not support DSA in certificates. For example, Firefox v37 and Chrome v39.
The following are the possible methods:
- Web Browser: Upload a certificate through Web browser
- URL: Upload a certificate through URL. The supported protocols are HTTP, HTTPS, TFTP, and FTP.
The URL format is:
<protocol>://[<username>[:<password>]@]<host>[:<port>][/<path>]/<file_name>
A valid file name is a text string drawn from the alphabet (A–Z, a–z), digits (0–9), dot (.), hyphen (-), and underscore (_). The maximum length is 63 and a hyphen must not be the first character. A file name that contains only a dot (.) is not allowed.
Example:
tftp://10.10.10.10/new_image_path/new_image.dat
http://username:password@10.10.10.10:80/new_image_path/new_image.dat
- Generate: Generate a new self-signed RSA certificate
- Certificate Status: Displays the current status of the certificate on the switch. The following are the possible statuses:
- Switch secure HTTP certificate is presented
- Switch secure HTTP certificate is not presented
- Switch secure HTTP certificate is generating ...
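The URL format and file name rules given above for the URL upload method can be checked before the URL is entered on the switch. The following is an added example, not part of the switch documentation or firmware: the function name `check_upload_url` is hypothetical, rejecting names made up only of dots is an interpretation of the dot rule, and the warnings reflect that HTTP, FTP, and TFTP carry the PEM file (which includes the private key) and any URL password without encryption.

```python
import re
from urllib.parse import urlsplit

SUPPORTED = {"http", "https", "tftp", "ftp"}  # protocols listed on this page
CLEARTEXT = SUPPORTED - {"https"}             # no transport encryption
# Allowed characters, length 1 to 63, hyphen must not be the first character.
NAME_RE = re.compile(r"(?!-)[A-Za-z0-9._-]{1,63}")


def check_upload_url(url):
    """Return (errors, warnings) for a certificate upload URL (hypothetical helper)."""
    errors, warnings = [], []
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable URL"], warnings
    scheme = parts.scheme.lower()
    if scheme not in SUPPORTED:
        errors.append("unsupported protocol: %r" % parts.scheme)
    if not parts.hostname:
        errors.append("missing host")
    try:
        parts.port  # property raises ValueError if non-numeric or out of range
    except ValueError:
        errors.append("invalid port")
    if parts.query or parts.fragment:
        errors.append("query or fragment is not part of the documented format")
    name = parts.path.rsplit("/", 1)[-1]
    if not NAME_RE.fullmatch(name):
        errors.append("invalid file name: %r" % name)
    elif set(name) == {"."}:
        # Interpretation: reject names consisting only of dots ("." or "..").
        errors.append("file name must not consist only of dots")
    if scheme in CLEARTEXT:
        warnings.append("PEM file with private key is sent unencrypted over " + scheme)
        if parts.password:
            warnings.append("URL password is sent in cleartext over " + scheme)
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample inputs; the address and paths follow the page's examples.
    for u in ("tftp://10.10.10.10/new_image_path/new_image.dat",
              "http://username:password@10.10.10.10:80/new_image_path/new_image.dat",
              "https://10.10.10.10/certs/my.pem",
              "https://10.10.10.10/certs/-my.pem"):
        print(u, check_upload_url(u))
```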