Enabling SSL on the switch and anticipating SSL browser contact behavior
The web-management ssl command enables SSL on the switch and modifies parameters the switch uses for transactions with clients. After you enable SSL, the switch can authenticate itself to SSL enabled browsers. If you want to disable SSL on the switch, use the no web-management ssl command.
When using self-signed certificates with the switch, a “man-in-the-middle” attack is possible, especially when connecting for the first time; that is, an unauthorized device could pose undetected as a switch and learn the user names and passwords controlling access to the switch. Use caution when connecting to a switch using self-signed certificates. Before accepting the certificate, closely verify the contents of the certificate (see browser documentation for additional information on viewing the contents of a certificate). The security concern described above does not exist when using CA-signed certificates that have been signed by certificate authorities that the web browser already trusts.
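One way to verify a self-signed certificate before accepting it is to compare its SHA-256 fingerprint with a value recorded over a trusted path. The following is an added example, not code from the switch documentation; the function names are hypothetical, and it assumes you already hold a fingerprint obtained out of band (for example, over a direct console connection).

```python
import hashlib
import hmac
import ssl

# Constructed stand-in bytes so the example runs offline (not a real certificate).
CONSTRUCTED_DER = b"constructed stand-in for a switch certificate"


def normalize_fingerprint(text):
    """Reduce 'AB:CD:...', 'ab cd ...' or 'SHA256 Fingerprint=AB:CD:...' to lowercase hex."""
    value = text.split("=", 1)[-1]
    digits = "".join(ch for ch in value if ch not in ": \t\n-").lower()
    if len(digits) != 64 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return digits


def fingerprint_der(der_bytes):
    """SHA-256 over the DER encoding, the value browsers show as the fingerprint."""
    return hashlib.sha256(der_bytes).hexdigest()


def matches_pinned(der_bytes, pinned_text):
    """True only if the presented certificate is byte-for-byte the recorded one."""
    expected = normalize_fingerprint(pinned_text)
    return hmac.compare_digest(fingerprint_der(der_bytes), expected)


def fetch_der(host, port=443):
    """Fetch the certificate the device presents, without trusting it yet.

    With no CA file given, get_server_certificate performs no validation,
    so the result must be checked with matches_pinned before any login.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def check_switch(host, pinned_text, port=443):
    """Return True if the device at host presents the recorded certificate."""
    return matches_pinned(fetch_der(host, port), pinned_text)


if __name__ == "__main__":
    recorded = fingerprint_der(CONSTRUCTED_DER)  # stands in for the out-of-band value
    print("genuine :", matches_pinned(CONSTRUCTED_DER, recorded))
    print("imposter:", matches_pinned(b"constructed other certificate", recorded))
```

A mismatch means the device answering is not presenting the certificate you recorded, so credentials should not be entered until the difference is explained.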