The general steps for configuring SSL include client and switch preparation.
-
Install an SSL capable browser application on a management station you want to use for access to the switch. See the documentation provided with your browser for details.
NOTE: The latest versions of Microsoft© Internet Explorer and Netscape web browser support SSL and TLS functionality, see browser documentation for additional details.
-
-
Assign a login (operator) and enable (manager) password on the switch. See Assigning a local login (operator) and enabling (manager) password.
-
Generate a host certificate on the switch. See Generating the switch's server host certificate.
-
Generate certificate key pair
-
Generate host certificate
-
You need to do this only once. The switch's own public/private certificate key pair and host certificate are stored in the switch flash memory and are not affected by reboots or the erase
startup-config
command. You can remove or replace this certificate, if necessary. The certificate key pair and the SSH key pair are independent of each other, which means a switch can have two keys pairs stored in flash. -
-
Enable SSL on the switch. See “SSH client contact behavior:”.
-
Use your SSL enabled browser to access the switch using the switch IP address or DNS name (if allowed by your browser). See the documentation provided with the browser application.