Web support

The current security—SSL page configures web UI SSL servers only. The Suite B features are not supported on the web UI. The following are requirements for a web UI design:

  • The web UI implicitly uses a TA profile named “default”. If the TA certificate installed on the switch is associated with a profile of another name, the TA certificate is read-only to the web UI. See Trust anchor profile (crypto pki ta-profile).

  • The web UI supports local certificate enrollment with an implicit usage of ’web’. See Local certificate enrollment – manual mode.

  • The web UI supports self-signed local certificate enrollment with an implicit usage of ‘web’. See Local certificate enrollment – manual mode.

  • The web UI shows the TA certificate and the configured SSL server certificate with ‘web’ usage with any intermediate certificates in the chain. The display will match the Certificate Detail format as described in Profile specific—TA profile.

  • The web UI must be able to replace an SSL server certificate (as it currently does.)

  • The web UI does not need to provide ‘zeroization’ of any certificates. See Zeroization.