2 ssl configuration task list, Onfiguration – PLANET XGS3-24042 User Manual

57-8

Firstly, SSL should be enabled on the switch. When the client tries to access the switch through https method,

a SSL session will be set up between the switch and the client. When the SSL session has been set up, all the

data transmission in the application layer will be encrypted.

SSL handshake is done when the SSL session is being set up. The switch should be able to provide

certification keys. Currently the keys provided by the switch are not the formal certification keys issued by

official authentic, but the private certification keys generated by SSL software under Linux which may not be

recognized by the web browser. With regard to the switch application, it is not necessary to apply for a formal

SSL certification key. A private certification key is enough to make the communication safe between the users

and the switch. Currently it is not required that the client is able to check the validation of the certification key.

The encryption key and the encryption method should be negotiated during the handshake period of the

session which will be then used for data encryption.

SSL session handshake process:

57.2 SSL Configuration Task List

1.

Enable/disable SSL function

2.

Configure/delete port number by SSL used

3.

Configure/delete secure cipher suite by SSL used

4.

Maintenance and diagnose for the SSL function

1. Enable/disable SSL function

Command

Explanation

Global Mode

ip http secure-server

no ip http secure-server

Enable/disable SSL function.