Installing the switch's server web host certificate

You must install a server certificate on the switch before enabling web management over SSL/TLS. The switch uses this server certificate, along with a dynamically generated session key pair to negotiate an encryption method and session with a browser trying to connect via SSL to the switch. The session key pair is not visible on the switch, rather It is a temporary, internally generated pair used for a particular switch/client session and then discarded.

When you install a new certificate on the switch, the switch places the key and certificate in flash memory. The switch maintains the certificate across reboots and power cycles.

Removing the switch's web certificate renders the switch unable to engage in secure web operation and automatically disables web management over SSL on the switch.

There are two types of certificate that can be used for the switch’s host certificate:
  • Self-signed certificate

  • Authority-signed certificate