74 CHAPTER 4: MANAGING D EVICE S ECURITYEncryptingConnection to theWeb Interface(HTTPS)HTTPS allows secure access to the Web interface of the switch. If youadminister your switch remotely or over an insecure network, the switchcan encrypt all HTTP traffic to and from the Web interface using theSecure Sockets Layer (SSL) of HTTP. If your network traffic is intercepted,no passwords or configuration information will be visible in the data.To use HTTPS you need the following:■ A browser that supports SSL■ A digital certificate installed on the switchThe switch ships with a default certificate installed. This certificate has notbeen validated by a Certifying Authority and your browser may warn youthat the certificate has not been certified. Using a properly validatedcertificate provides a higher level of security than the default certificate.You can securely browse your switch by using the HTTPS (HTTP over SSL)protocol. To access the Web interface securely, enter the following intoyour browser:https://xxx.xxx.xxx.xxx/where xxx.xxx.xxx.xxx is the IP address of your switch.Both HTTP and HTTPS service can be enabled independently on theswitch. However, you cannot configure the HTTP and HTTPS servers touse the same TCP port.If you enable HTTPS, you must indicate this in the URL that you specify inyour browser and specify the port number if not using the default value:https://device[:port_number]When you start HTTPS, the connection is established in this way:■ The client authenticates the server using the server’s digital certificate.■ The client and server negotiate a set of security protocols to use forthe connection.■ The client and server generate session keys for encrypting anddecrypting data.