Access Security Guide K/KA/KB.15.15

Table 25 Self-signed certificate browser compatibility (continued)
Operating System    Browsers
                    Firefox 1.5
                    Netscape 7.1
                    Mozilla 1.4
Mac OS X 10.5       Safari
                    Opera 9.0+
                    Konqueror 3.5
                    Mozilla products based on NSS 3.8+
                    Products based on OpenSSL 0.9.8+
                    Products based on Java 1.4.2+
NOTE: sha256withRSAEncryption is not compatible with certain operating system and
browser combinations. It is supported in Google Chrome on operating systems Windows Vista
and above only. Similarly, Internet Explorer 8 with Windows 2003 Server is not compatible with
sha256withRSAEncryption. All other browsers tested appear to work. For more details about
self-signed certificate compatibility of browsers, go to
https://sha256.tbsinternet.com/limitations_certs_sha256.html.en.
Authority-signed certificate
An authority-signed certificate is digitally signed by a certificate authority and has a chain of
trust leading to the Trust Anchor or a root CA certificate.
Enabling SSL on the switch and anticipating SSL browser contact behavior
The web-management ssl command enables SSL on the switch and modifies parameters the
switch uses for transactions with clients. After you enable SSL, the switch can authenticate itself to
SSL-enabled browsers. To disable SSL on the switch, use the no web-management ssl
command.
NOTE: When using self-signed certificates with the switch, there is a possibility for a
“man-in-the-middle” attack, especially when connecting for the first time; that is, an unauthorized
device could pose undetected as a switch and learn the usernames and passwords controlling
access to the switch. Use caution when connecting to a switch using self-signed certificates. Before
accepting the certificate, closely verify the contents of the certificate (see the browser documentation
for additional information on viewing the contents of a certificate). The security concern described
above does not exist when using CA-signed certificates that have been signed by certificate
authorities that the web browser already trusts.
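The certificate check recommended in the note above can be done by comparing the SHA-256 fingerprint of the certificate the switch presents with one recorded over a trusted path. This is an added example, not part of this guide; the function names, the pinned value and the sample bytes are constructed, and how the fingerprint is first recorded (for example at the serial console) is an assumption.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text: str) -> str:
    """Reduce 'AB:CD:..', 'ab cd ..' or 'abcd..' to 64 lowercase hex digits."""
    hexdigits = "".join(ch for ch in text.lower() if ch not in ": -\t\n")
    if len(hexdigits) != 64 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexdigits


def fingerprint_sha256(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, the value browsers display as the fingerprint."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(fingerprint_sha256(der_cert), normalize_fingerprint(pinned))


def fetch_der_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the certificate the switch presents; no credentials are sent here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # a self-signed cert cannot pass chain validation,
    ctx.verify_mode = ssl.CERT_NONE  # so trust comes only from the pin comparison
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_switch(host: str, pinned: str, port: int = 443) -> bool:
    """True only if the certificate on the wire is the one recorded out-of-band."""
    return matches_pin(fetch_der_cert(host, port), pinned)


# Constructed sample bytes standing in for two DER certificates (not real certs).
GENUINE_DER = b"constructed-sample-der-for-switch-A"
IMPOSTER_DER = b"constructed-sample-der-for-imposter"
# Pin as an operator might record it: upper-case, colon-separated.
_hex = fingerprint_sha256(GENUINE_DER).upper()
PINNED = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    print("genuine :", matches_pin(GENUINE_DER, PINNED))
    print("imposter:", matches_pin(IMPOSTER_DER, PINNED))
```

Run check_switch() against the switch's management address before the first browser login, and accept the browser's certificate prompt only if it returns True.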
Using the CLI interface to enable web management over SSL/TLS
Syntax
[no] web-management ssl
Enables or disables SSL on the switch
[port < 1-65535 | default:443 >]
The TCP port number for SSL connections (default: 443).
show config
Shows status of the SSL server. When enabled, web-management ssl will be present
in the config list.