Home » Seguridad en una SAN Brocade III – Activar administración por HTTPS

Seguridad en una SAN Brocade III – Activar administración por HTTPS

En el post  Seguridad en una SAN Brocade II – Administración con protocolos inseguros  se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLSEl procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches: 

1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos: 
 

core1:angel> seccertutil genkey 
Generating a new key pair will automatically do the following: 
1. Delete all existing CSRs. 
2. Delete all existing certificates. 
3. Reset the certificate filename to none. 
4. Disable secure protocols. 

Continue (yes, y, no, n): [no] yes 
Select key size [1024 or 2048]: 1024 
Generating new rsa public/private key pair 
Done. 

core1:angel> seccertutil gencsr 
Country Name (2 letter code, eg, US):ES 
State or Province Name (full name, eg, California):Sevilla 
Locality Name (eg, city name):Sevilla 
Organization Name (eg, company name):AA 
Organizational Unit Name (eg, department name):LABS 
Common Name (Fully qualified Domain Name, or IP address):core1 
Generating CSR, file name is: 192.168.100.1.csr 
Done. 

core1:angel> seccertutil export 
Select protocol [ftp or scp]: ftp 
Enter IP address: 192.168.200.1 
Enter remote directory: /home/angel/certs/ 
Enter Login Name: angel 
Enter Password:  
Success: exported CSR. 

2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS: 

 

angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem 
Signature ok 
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1 
Getting CA Private Key 
Enter pass phrase for cakey.pem: 

En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma: 

 

core1 –> 01 
core2 –> 02 
edge4 –> 03 
edge2 –> 04 
edge8 –> 05 
edge6 –> 06 
edge3 –> 07 
edge1 –> 08 
edge7 –> 09 
edge5 –>10 
 

3.- El certificado creado importarlo en el switch 

 

core1:angel> seccertutil import -config swcert -enable https 
Select protocol [ftp or scp]: ftp 
Enter IP address: 192.168.200.1 
Enter remote directory: /home/angel/certs/ 
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem 
Enter Login Name: angel 
Enter Password:  
Success: imported certificate [192.168.100.1.pem]. 
Certificate file in configuration has been updated. 
Secure http has been enabled. 
 

De esta forma ya está el servicio HTTPS levantado.

1.117 Responses to “Seguridad en una SAN Brocade III – Activar administración por HTTPS”

  1. I know this if off topic but I’m looking into starting my own weblog and was
    curious what all is needed to get setup? I’m assuming having a blog like
    yours would cost a pretty penny? I’m not very web smart so
    I’m not 100% sure. Any suggestions or advice would be greatly appreciated.
    Many thanks

  2. bookmarked!!, I really like your website!

  3. Hello there, just became alert to your blog
    through Google, and found that it is truly informative.
    I am gonna watch out for brussels. I will appreciate if you continue
    this in future. A lot of people will be benefited from your writing.
    Cheers!

    Here is my blog post – https://bandaragenterpercaya.com/

  4. Hello just wanted to give you a brief heads up and let you know a few of the pictures aren’t loading
    properly. I’m not sure why but I think its
    a linking issue. I’ve tried it in two different browsers and both
    show the same results.

  5. I pay a visit daily some web sites and information sites to
    read articles, but this weblog provides feature based posts.

  6. Appreciating the persistence you put into your site and detailed information you present.
    It’s awesome to come across a blog every once in a while that isn’t the same unwanted rehashed information. Fantastic
    read! I’ve saved your site and I’m including your RSS feeds to my Google account.

  7. It’s perfect time to make some plans for the future and it’s time to be happy.
    I have read this post and if I could I want
    to suggest you few interesting things or tips. Perhaps you could write next articles
    referring to this article. I desire to read even more things
    about it!

  8. slot online dice:

    Generally I don’t read article on blogs, but I wish to
    say that this write-up very forced me to try and do
    it! Your writing style has been amazed me. Thanks,
    quite nice article.

  9. I got this site from my pal who informed me concerning this
    site and now this time I am visiting this site and reading very informative
    articles or reviews at this time.

  10. Amazing! This blog looks exactly like my old one! It’s on a entirely different subject
    but it has pretty much the same page layout and design. Superb choice of colors!

  11. I am truly thankful to the holder of this web site who has shared this
    fantastic post at at this time.

  12. judi online dice:

    Hi terrific blog! Does running a blog similar to this take a great deal of work?

    I have virtually no expertise in programming but I was hoping to start
    my own blog soon. Anyways, if you have any suggestions or techniques for new blog owners please
    share. I know this is off subject however I simply wanted to ask.
    Many thanks!

  13. Howdy just wanted to give you a quick heads up. The words in your post
    seem to be running off the screen in Chrome.

    I’m not sure if this is a formatting issue or something to do with browser compatibility but I figured
    I’d post to let you know. The style and design look great though!
    Hope you get the problem fixed soon. Kudos

  14. Hi my loved one! I wish to say that this post is awesome,
    nice written and include almost all significant infos.
    I’d like to see extra posts like this .

  15. Hello, Neat post. There is a problem together with your
    web site in internet explorer, may test this? IE still is the market leader and a good
    section of other folks will miss your fantastic writing because of this problem.

  16. There is certainly a lot to find out about this issue.
    I like all of the points you have made.

  17. Landon dice:

    Great information. Lucky me I discovered your website by accident (stumbleupon).
    I’ve book-marked it for later!

  18. Hello There. I found your blog using msn. This is a really well written article.
    I’ll make sure to bookmark it and come back to read
    more of your useful info. Thanks for the post. I’ll definitely comeback.

  19. I loved as much as you’ll receive carried out right here.
    The sketch is attractive, your authored material stylish. nonetheless, you
    command get bought an edginess over that you wish be delivering the following.

    unwell unquestionably come further formerly again as exactly the same
    nearly a lot often inside case you shield this increase.

  20. We stumbled over here different web address and thought I may as well check things out.
    I like what I see so i am just following you. Look forward to looking at your web page again.

  21. Hi there! I know this is somewhat off topic but I was wondering which blog platform are you using for this website?
    I’m getting fed up of WordPress because I’ve had
    issues with hackers and I’m looking at alternatives
    for another platform. I would be awesome if you could point
    me in the direction of a good platform.

  22. Nice replies in return of this difficulty with solid arguments and telling all about that.

  23. With havin so much content do you ever run into any problems of plagorism or copyright infringement?
    My blog has a lot of exclusive content I’ve either written myself or outsourced but it seems a
    lot of it is popping it up all over the internet without my permission. Do you know any solutions to help stop content from being stolen? I’d definitely appreciate it.

  24. I am genuinely delighted to read this web site posts which carries lots of helpful data,
    thanks for providing these data.

  25. qnbuz.net dice:

    I’m amazed, I have to admit. Seldom do I encounter a blog that’s equally educative and engaging,
    and without a doubt, you have hit the nail on the head. The problem
    is an issue that not enough men and women are speaking intelligently about.

    I’m very happy I came across this in my search for something concerning this.

  26. hi!,I like your writing very so much! percentage we keep in touch more about your article on AOL?
    I need a specialist on this area to resolve my problem.

    May be that is you! Taking a look forward
    to peer you.

  27. Great delivery. Great arguments. Keep up the amazing effort.

    My homepage; https://aduayamsabung.com

  28. Hi there it’s me, I am also visiting this site regularly, this site is truly pleasant and the users are genuinely sharing
    fastidious thoughts.

  29. When I originally commented I seem to have clicked the -Notify
    me when new comments are added- checkbox and now whenever
    a comment is added I recieve four emails with the same comment.

    Perhaps there is a way you are able to remove me from that service?
    Many thanks!

  30. Hey there, I think your blog might be having browser compatibility issues.

    When I look at your blog site in Ie, it looks fine but when opening in Internet Explorer, it has some overlapping.

    I just wanted to give you a quick heads up! Other then that, very good blog!

  31. What’s up, just wanted to tell you, I liked this article.
    It was practical. Keep on posting!

  32. You actually make it seem so easy with your presentation but I find this matter to
    be really something that I think I would never understand.
    It seems too complex and extremely broad for me. I am looking forward for your
    next post, I’ll try to get the hang of it!

  33. Hello there, just became aware of your blog through Google, and found that it is truly informative.
    I’m gonna watch out for brussels. I’ll be grateful if you continue this in future.
    Numerous people will be benefited from your writing.

    Cheers!

  34. Wow that was strange. I just wrote an extremely long comment but after I clicked submit my
    comment didn’t appear. Grrrr… well I’m not writing all that over again. Regardless,
    just wanted to say fantastic blog!

  35. Hurrah! In the end I got a weblog from where I can genuinely get
    valuable facts concerning my study and knowledge.

  36. samefo.ge dice:

    hello there and thank you for your info – I
    have certainly picked up something new from right here.
    I did however expertise some technical issues using this web site, as I experienced
    to reload the site lots of times previous to I could get
    it to load properly. I had been wondering if your web host is OK?
    Not that I’m complaining, but sluggish loading instances times
    will very frequently affect your placement in google and
    can damage your high-quality score if ads and marketing with Adwords.
    Anyway I’m adding this RSS to my email and could look out for much more of your respective fascinating content.
    Make sure you update this again soon.

  37. Heya great website! Does running a blog such as this require a great deal of work?
    I have absolutely no understanding of coding but I had been hoping to start my own blog in the near future.

    Anyhow, should you have any ideas or tips for new blog owners
    please share. I understand this is off subject however I simply needed
    to ask. Thanks a lot!

  38. The other day, while I was at work, my cousin stole my iphone and tested
    to see if it can survive a forty foot drop, just so she can be a youtube sensation.
    My iPad is now destroyed and she has 83 views.
    I know this is totally off topic but I had to share it with someone!

  39. Wonderful work! This is the kind of info that are supposed to be shared around the net.
    Disgrace on the search engines for not positioning this put
    up upper! Come on over and consult with my web site .
    Thanks =)

  40. Hey There. I found your weblog using msn. This is a really
    neatly written article. I will be sure to bookmark it and come back to learn more of your helpful info.
    Thank you for the post. I’ll definitely comeback.

  41. Really no matter if someone doesn’t know after that its up to other people
    that they will help, so here it happens.

  42. It’s not my first time to visit this website, i am visiting this site dailly and
    obtain good information from here everyday.

  43. Its like you read my mind! You seem to know so much approximately this, such as you
    wrote the guide in it or something. I think that you can do with a few p.c.

    to pressure the message house a bit, but other than that,
    that is magnificent blog. A fantastic read. I’ll definitely be back.

  44. I have been browsing online more than three hours as of late, but I never found
    any interesting article like yours. It’s pretty price enough for me.
    Personally, if all webmasters and bloggers made excellent content material as you did, the internet
    shall be much more useful than ever before.

  45. I simply could not go away your site before suggesting that I actually loved
    the usual info an individual provide in your guests? Is gonna be
    again continuously in order to inspect new posts

  46. Wade dice:

    Undeniably consider that that you stated. Your favourite justification seemed to be at the web the easiest thing to be mindful of.

    I say to you, I certainly get irked at the same time as other people think about issues that they plainly do not recognize about.
    You managed to hit the nail upon the top as well as defined out the
    whole thing with no need side-effects , other people could take
    a signal. Will probably be back to get more. Thank you

  47. bitly.com dice:

    Remarkable! Its in fact amazing post, I
    have got much clear idea concerning from this piece of
    writing. ps4 https://bit.ly/3z5HwTp ps4 games

  48. asmr was dice:

    These are genuinely fantastic ideas in about blogging.
    You have touched some pleasant points here.
    Any way keep up wrinting.

  49. great post, very informative. I ponder why the other experts of this sector do not notice this.
    You should continue your writing. I’m confident, you’ve a huge readers’
    base already!

  50. […] En éste caso, al denegarse el acceso por HTTP no se dispondrá de la interfaz de administración WEB TOOLS, para activar su acceso por HTTPS  ver post Seguridad en una SAN Brocade III – Activar administración por HTTPS. […]

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *