The HTTPS Configuration page configures the certificate used by HTTPS for secure remote management and any alternate HTTPS port to use. Access to the system from the WAN or public interface requires HTTPS access, which is enabled on the Firewall page.

Before you Begin

  1. Access from the LAN or private interface using HTTPS is not enabled by default on some platforms. Verify your requirements and check the current firewall settings on the Firewall page. Choose Security from the Configuration Menu and refer to Configure Basic WAN Firewall Settings.
  2. You must create or upload a certificate using the Certificate Store before you can set the certificate to use HTTPS.

    Note

    Choose Security > Certificates to create or upload a certificate (refer to Managing Certificates).

Configuring the HTTPS

This section outlines how to configure the HTTPS.

To Configure the HTTPS

  1. Choose Security > HTTPS Configuration.

  2. Configure settings using the information in the following table as a guide. When you have finished configuring settings, click Submit to make your changes take effect.

    HTTPS Configuration Parameters

    ItemDescription
    Certificate     

    Choose a certificate from the Certificate drop-down list.

    If you need to create or upload a certificate, click the Certificate Store link or choose Security > Certificates and refer to Managing Certificates.

    Password

    (Optional) Enter the password that protects the private key file.

    Alternate HTTPS port

    Enter the port number that the system web server uses to listen for inbound management HTTPS requests. By default, this port is 443.

    Note: If you change the default connection port 443 to another port, you must update your browser URL to the following format: https:// [ip-of-device] : [alternate-https-port]

    TLS Protocol

    Choose the security protocol to be used for HTTPS requests to the system’s web server. The following protocols are supported:

    • TLSv1.0: Allows only TLS protocol version 1.0 (RFC 2246)
    • TLSv1.2: Allows only TLS protocol version 1.2 (RFC 5246)
    • TLSv1.3: Allows only TLS protocol version 1.3 (RFC 8446)

    Ciphers String

    Enter the cipher suite offered by the system’s web server during a TLS handshake. The defaults used for supported TLS protocols are listed below:

    • TLSv1+HIGH:!eNULL:!aNULL [Default for TLSv1.0]: TLSv1 cipher suite, Key size 128 bit or more, no cipher suits with no encryption, no cipher suits with no authentication
    • TLSv1.2+HIGH:!eNULL:!aNULL [Default for TLSv1.2]: TLSv1.2 cipher suite, Key size 128 bit or more, no cipher suits with no encryption, no cipher suits with no authentication
    • TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 [Default for TLSv1.3]TLSv1.3 cipher suite.