Steps for configuring and using SSL for switch and client authentication

  1. Client preparation:
    1. Install an SSL capable browser application on a management station you want to use for access to the switch. See the documentation provided with your browser for details.
    2. Assign a login (operator) and enable (manager) password on the switch. See Assigning a local login (operator) and enabling (manager) passwords.
  2. Switch preparation:
    1. Generate a host certificate on the switch. See Generating the switch's server host certificate.
      • Generate certificate key pair

      • Generate host certificate

      You need to do this only once. The switch's own public/private certificate key pair and host certificate are stored in the switch flash memory and are not affected by reboots or the erase startup-config command. You can remove or replace this certificate, if necessary. The certificate key pair and the SSH key pair are independent of each other, which means a switch can have two keys pairs stored in flash.

  3. Enable SSL on the switch. See SSL client contact behavior.
  4. Use your SSL enabled browser to access the switch using the switch IP address or DNS name (if allowed by your browser). See the documentation provided with the browser application.