7-6
Configuring Secure Socket Layer (SSL)
General Operating Rules and Notes
General Operating Rules and Notes
■ Once you generate a certificate on the switch you should avoid re-
generating the certificate without a compelling reason. Otherwise, you
will have to re-introduce the switch’s certificate on all management
stations (clients) you previously set up for SSL access to the switch. In
some situations this can temporarily allow security breaches.
■ The switch's own public/private certificate key pair and certificate are
stored in the switch's flash memory and are not affected by reboots or the
erase startup-config command
■ The public/private certificate key pair is not be confused with the SSH
public/private key pair. The certificate key pair and the SSH key pair are
independent of each other, which means a switch can have two keys pairs
stored in flash.
