The HTTPS Configuration page configures the certificate used by HTTPS for secure remote management as well as any alternate HTTPS port to use. Access to the system from the WAN or public interface requires HTTPS access, which is enabled on the Firewall page.
- Access from the LAN or private interface using HTTPS is not enabled by default on some platforms. Verify your requirements and check current firewall settings.
You must create or upload a certificate using the Certificate Store before you can set the certificate to use HTTPS.
This section outlines how to configure the HTTPS.
Choose Security > HTTPS Configuration.
Configure settings using the information in the following table as a guide. When you have finished configuring settings, click Submit to make your changes take effect.
HTTPS Configuration Parameters
Item | Description |
---|
Certificate | Choose a certificate from the Certificate drop-down list. If you need to create or upload a certificate, click the Certificate Store link or choose Security > Certificates and refer to Certificate Management. |
Password | (Optional) Enter the password that protects the private key file. |
Alternate HTTPS port | Enter the port number that the system web server uses to listen for inbound management HTTPS requests. By default this port is 443. Note: If you change the default connection port 443 to another port, you must update your browser URL to the following format: https:// [ip-of-device] : [alternate-https-port] |
TLS Protocol | Choose the security protocol to be used for HTTPS requests to the system’s web server. The following protocols are supported: - TLSv1.0: Allows only TLS protocol version 1.0 (RFC 2246)
- TLSv1.2: Allows only TLS protocol version 1.2 (RFC 5246)
- TLSv1.3: Allows only TLS protocol version 1.3 (RFC 8446)
|
Ciphers String | Enter the cipher suite offered by the system’s web server during a TLS handshake. The defaults used for supported TLS protocols are listed below: - TLSv1+HIGH:!eNULL:!aNULL [Default for TLSv1.0]: TLSv1 cipher suite, Key size 128 bit or more, no cipher suits with no encryption, no cipher suits with no authentication.
- TLSv1.2+HIGH:!eNULL:!aNULL [Default for TLSv1.2]: TLSv1.2 cipher suite, Key size 128 bit or more, no cipher suits with no encryption, no cipher suits with no authentication.
- TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 [Default for TLSv1.3]TLSv1.3 cipher suite.
|