Replacing the default secure-site certificate, Replacing the default secure-site certificate -23, Cli commands – SMC Networks SMC EZ 10/100/1000 SMCGS8P-Smart User Manual
Page 55
S
ECURITY
2-23
CLI Commands
CLI – Enter the following commands to specify the secure port
number and to enable HTTPS.
Replacing the Default Secure-site Certificate
When you log onto the Web interface using HTTPS (for secure
access), a Secure Sockets Layer (SSL) certificate appears for the
switch. By default, the certificate that Netscape and Internet
Explorer display will be associated with a warning that the site is
not recognized as a secure site. This is because the certificate has
not been signed by an approved certification authority. If you
want this warning to be replaced by a message confirming that the
connection to the switch is secure, you must obtain a unique
certificate and a private key and password from a recognized
certification authority.
Note: For maximum security, we recommend you obtain a
unique Secure Sockets Layer certificate at the earliest
opportunity. This is because the default certificate for the
switch is not unique to the hardware you have purchased.
When you have obtained these, place them on your TFTP server,
and use the following command at the switch's command-line
interface to replace the default (unrecognized) certificate with an
authorized one:
Console(config)#ip http secure-server
Console(config)#ip http secure-port 441
Console(config)#
Console#copy tftp https-certificate
TFTP server ip address:
Source certificate file name:
Source private file name:
Private password:
b_mgmt.book Page 23 Tuesday, July 8, 2003 5:24 PM