4.10.1.5 Security Switch HTTPS Configuration

The HTTPS Configuration page allows you to configure the HTTPS settings and maintain the current certificate on the switch, as shown in the following figure.

Figure 4-31. HTTPS Configuration

The HTTPS Configuration page has the following parameters:

  • Mode: Indicates the HTTPS mode operation. The following are the possible modes:
    • Enabled: Enable HTTPS mode operation
    • Disabled: Disable HTTPS mode operation
  • Automatic Redirect: Indicates the HTTPS redirect mode operation. It takes effect only when HTTPS Mode is set to Enabled. When the redirect mode is enabled, HTTP connections are automatically redirected to HTTPS.
    Note: The browser may not allow the redirect operation for security reasons unless it trusts the switch certificate.
    In that case, you need to initiate the HTTPS connection manually. The following are the possible modes:
    • Enabled: Enable HTTPS redirect mode operation
    • Disabled: Disable HTTPS redirect mode operation
  • Certificate Maintain: The operation of certificate maintenance. The following are the possible operations:
    • None: No operation
    • Delete: Delete the current certificate
    • Upload: Upload a certificate PEM file. Possible methods are Web Browser or URL.
    • Generate: Generate a new self-signed RSA certificate
  • Certificate Pass Phrase: Enter the pass phrase in this field if the certificate you are uploading is protected by a pass phrase
  • Certificate Upload: Upload a certificate PEM file into the switch. The file must contain the certificate and private key together. If the certificate and private key are stored in two separate files, use the Linux® cat command to combine them into a single PEM file. For example: cat my.cert my.key > my.pem
    Note: An RSA certificate is recommended because most new browser versions, for example Firefox v37 and Chrome v39, do not support DSA in certificates.
    The following are the possible methods:
    • Web Browser: Upload a certificate through Web browser
    • URL: Upload a certificate through URL. The supported protocols are HTTP, HTTPS, TFTP, and FTP. The URL format is: <protocol>://[<username>[:<password>]@]<host>[:<port>][/<path>]/<file_name>. For example, tftp://10.10.10.10/new_image_path/new_image.dat, http://username:password@10.10.10.10:80/new_image_path/new_image.dat. A valid file name is a text string drawn from letters (A–Z, a–z), digits (0–9), dot (.), hyphen (-), and underscore (_). The maximum length is 63 and a hyphen must not be the first character. A file name that contains only a dot (.) is not allowed.
  • Certificate Status: Displays the current status of the certificate on the switch. The following are the possible statuses:
    • Switch secure HTTP certificate is presented
    • Switch secure HTTP certificate is not presented
    • Switch secure HTTP certificate is generating ....
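
A pre-upload check for the combined PEM file and its file name, following the Certificate Upload rules above. This is an added example, not part of the switch documentation or firmware; the function names and sample data are constructed here, and it checks structure only, not that the key matches the certificate.

```python
import base64
import re

# File-name rule from the URL upload description: letters, digits, '.', '-', '_',
# at most 63 characters, no leading hyphen. Treating "only contains a dot" as
# "made up of dots only" is an assumption of this example.
_NAME_RE = re.compile(r"(?!-)[A-Za-z0-9._-]{1,63}")
_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)


def valid_file_name(name):
    return bool(_NAME_RE.fullmatch(name)) and name.strip(".") != ""


def check_bundle(pem_text):
    """Return the problems found in a combined certificate + private key PEM file."""
    blocks = _PEM_RE.findall(pem_text.replace("\r\n", "\n"))
    labels = [label for label, _ in blocks]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no private key block")
    for label, body in blocks:
        # Legacy encrypted keys carry Proc-Type/DEK-Info headers before a blank line.
        legacy_encrypted = body.startswith("Proc-Type: 4,ENCRYPTED")
        if legacy_encrypted:
            body = body.split("\n\n", 1)[-1]
        if legacy_encrypted or label == "ENCRYPTED PRIVATE KEY":
            problems.append("encrypted key: fill in Certificate Pass Phrase")
        if label == "DSA PRIVATE KEY":
            problems.append("DSA key: an RSA certificate is recommended")
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(label + ": body is not valid base64")
    return problems


def sample_block(label, headers=""):
    # Constructed placeholder payload, not real key or certificate material.
    data = base64.b64encode(b"constructed sample for " + label.encode()).decode()
    return f"-----BEGIN {label}-----\n{headers}{data}\n-----END {label}-----\n"


if __name__ == "__main__":
    bundle = sample_block("CERTIFICATE") + sample_block("RSA PRIVATE KEY")
    print(check_bundle(bundle))                       # like cat my.cert my.key
    print(check_bundle(sample_block("CERTIFICATE")))  # key was left out
    print(valid_file_name("my.pem"), valid_file_name("-my.pem"))
```

A PKCS#8 "PRIVATE KEY" block does not name its algorithm in the label, so the DSA check here only catches the traditional "DSA PRIVATE KEY" form.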