Configuring the Switch3-603Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number,then click Apply.Figure 3-35 HTTPS SettingsCLI – This example enables the HTTP secure server and modifies the port number.Replacing the Default Secure-site CertificateWhen you log onto the web interface using HTTPS (for secure access), a SecureSockets Layer (SSL) certificate appears for the switch. By default, the certificate thatNetscape and Internet Explorer display will be associated with a warning that thesite is not recognized as a secure site. This is because the certificate has not beensigned by an approved certification authority. If you want this warning to be replacedby a message confirming that the connection to the switch is secure, you mustobtain a unique certificate and a private key and password from a recognizedcertification authority.Caution: For maximum security, we recommend you obtain a unique Secure SocketsLayer certificate at the earliest opportunity. This is because the defaultcertificate for the switch is not unique to the hardware you have purchased.When you have obtained these, place them on your TFTP server, and use thefollowing command at the switch's command-line interface to replace the default(unrecognized) certificate with an authorized one:Note: The switch must be reset for the new certificate to be activated. To reset theswitch, type: Console#reloadConsole(config)#ip http secure-server 4-32Console(config)#ip http secure-port 443 4-33Console(config)#Console#copy tftp https-certificate 4-70TFTP server ip address: <server ip-address>Source certificate file name: <certificate file name>Source private file name: <private key file name>Private password: <password for private key>