En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Genuinely when someone doesn’t know after that its up to other users that
they will help, so here it happens.
Hey! Quick question that’s totally off topic. Do you know how to
make your site mobile friendly? My blog looks weird when viewing from
my iphone. I’m trying to find a theme or plugin that might be able to correct this
problem. If you have any recommendations, please share.
Cheers!
You actually make it seem so easy with your presentation however I to find this matter to
be really one thing that I believe I’d never understand.
It kind of feels too complicated and extremely broad
for me. I’m taking a look ahead to your subsequent publish, I’ll try to get the hang of it!
Thanks to my father who stated to me on the topic of this website, this weblog is really
remarkable.
It’s enormous that you are getting ideas from this article as well
as from our dialogue made at this place.
I’m not that much of a internet reader to be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your site to come back down the road.
Cheers
I am truly happy to read this blog posts which consists of plenty of valuable facts,
thanks for providing these statistics.
Also visit my web page … slot deposit pulsa
great points altogether, you simply gained a emblem new
reader. What might you recommend about your put up that
you made some days in the past? Any positive?
It’s actually a nice and helpful piece of information. I’m
satisfied that you simply shared this helpful info with us.
Please keep us informed like this. Thank you for sharing.
Hi my friend! I wish to say that this article is
amazing, nice written and come with almost all vital
infos. I would like to peer extra posts like this .
I have been surfing online greater than three hours
these days, but I by no means found any interesting article
like yours. It is pretty value enough for me. In my opinion, if all web owners
and bloggers made just right content material as you probably did,
the net will probably be much more useful than ever before.
Fine way of explaining, and fastidious article to
obtain data regarding my presentation topic, which i am going to convey in school.
wonderful points altogether, you simply received a brand new reader.
What may you recommend about your submit that you just made some days ago?
Any sure?
Heya i am for the first time here. I found this board and I
find It truly useful & it helped me out a lot. I hope to give something back and aid others like
you aided me.
Its such as you learn my thoughts! You appear to grasp so much approximately
this, such as you wrote the book in it or something. I believe that you simply can do with some p.c.
to pressure the message home a little bit, however other than that, this is great blog.
A great read. I’ll definitely be back.
Whats up very cool web site!! Man .. Beautiful ..
Wonderful .. I will bookmark your site and take the feeds additionally?
I am happy to seek out so many useful information right here
in the submit, we need develop more techniques on this regard, thank you for sharing.
. . . . .
Awesome post.
Nice post. I learn something new and challenging
on blogs I stumbleupon everyday. It will always be helpful to
read through articles from other authors and use a little something from other websites.
Asking questions are truly fastidious thing if you are not understanding something completely, except this paragraph presents nice
understanding yet.
These are truly impressive ideas in regarding blogging.
You have touched some good things here. Any way keep up wrinting.
Excellent web site. A lot of useful information here.
I’m sending it to a few friends ans also sharing in delicious.
And naturally, thanks in your effort!
Hi there would you mind letting me know which webhost
you’re utilizing? I’ve loaded your blog in 3 completely different browsers and I
must say this blog loads a lot quicker then most. Can you recommend a good web hosting provider
at a fair price? Kudos, I appreciate it!
Good day! Do you use Twitter? I’d like to follow you
if that would be ok. I’m absolutely enjoying your blog and look forward to new updates.
magnificent issues altogether, you just gained a new reader.
What might you recommend in regards to your post
that you simply made some days ago? Any certain?
Good post however I was wanting to know if you could write a litte more on this topic?
I’d be very thankful if you could elaborate a little bit more.
Many thanks!
My page; slotpulsa77.xyz
Helpful info. Lucky me I found your web site
by accident, and I am surprised why this coincidence didn’t came about in advance!
I bookmarked it.
Hi there, just became alert to your blog through Google, and found that it is really informative.
I’m going to watch out for brussels. I will
appreciate if you continue this in future. Numerous people will be benefited from your writing.
Cheers!
I think everything wrote made a ton of sense.
But, think on this, suppose you were to write a awesome
title? I ain’t saying your content is not solid., but what if you added a post title to possibly grab folk’s
attention? I mean Seguridad en una SAN Brocade III
– Activar administración por HTTPS |
Almacenamiento Abierto is kinda plain. You should look at
Yahoo’s front page and see how they create article titles to
grab people to click. You might try adding a video
or a related pic or two to get readers excited about what you’ve got
to say. Just my opinion, it might bring your posts a little bit more interesting.
Hi I am so grateful I found your blog, I really found you by accident, while I was
searching on Yahoo for something else, Anyways I am here now and would just like to say thank you for
a marvelous post and a all round exciting blog (I
also love the theme/design), I don’t have time to browse it all at the minute but
I have book-marked it and also included your RSS feeds, so when I have time I will be back to read a lot more, Please do keep up the excellent jo.
Have a look at my site: judi slot online
Cool blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple tweeks would really make my blog jump out.
Please let me know where you got your design. Appreciate it
Good web site you have got here.. It’s difficult to find high quality writing like yours nowadays.
I honestly appreciate individuals like you! Take care!!
What’s up i am kavin, its my first time to commenting anyplace, when i read
this piece of writing i thought i could also make comment due to this brilliant
post.
Whats up very nice web site!! Guy .. Excellent ..
Wonderful .. I will bookmark your web site and take the feeds additionally?
I am satisfied to seek out a lot of helpful information here in the submit,
we need develop extra techniques on this regard, thanks for sharing.
. . . . .
Hi there, constantly i used to check website posts here early in the dawn, since i like to
learn more and more.
Hi there, just wanted to tell you, I enjoyed this blog post.
It was funny. Keep on posting!
For the reason that the admin of this site
is working, no doubt very soon it will be well-known, due to its quality contents.
Thank you for every other informative site.
The place else may I am getting that kind of info written in such
an ideal means? I’ve a venture that I’m just now working
on, and I have been at the glance out for such information.
Hello, everything is going sound here and ofcourse every one is sharing information, that’s really
fine, keep up writing.
I have been surfing online greater than three hours these days, but I
never discovered any interesting article like yours.
It is pretty price enough for me. Personally, if all
webmasters and bloggers made good content material as you did, the net
might be a lot more useful than ever before.
What’s up i am kavin, its my first time to commenting
anywhere, when i read this article i thought i could also make comment due to this good paragraph.
I really like what you guys are usually up too. This kind of clever work and exposure!
Keep up the good works guys I’ve included you guys to my blogroll.
I think the admin of this web site is truly working hard in favor
of his web page, because here every information is quality based material.
my webpage – s128 sabung ayam
Today, while I was at work, my sister stole my apple
ipad and tested to see if it can survive a twenty five foot drop, just so she can be
a youtube sensation. My apple ipad is now destroyed
and she has 83 views. I know this is completely off topic but
I had to share it with someone!
Hi, i think that i saw you visited my blog thus i came to “return the favorâ€.I
am trying to find things to improve my site!I suppose its ok to use a few of your ideas!!
magnificent submit, very informative. I’m wondering why
the opposite specialists of this sector do not understand this.
You should proceed your writing. I am confident,
you have a huge readers’ base already!
When I originally commented I clicked the «Notify me when new comments are added» checkbox and now each time a
comment is added I get several e-mails with the same comment.
Is there any way you can remove people from that service? Bless you!
I want to to thank you for this great read!!
I absolutely enjoyed every little bit of it.
I have you book marked to check out new stuff you post…
Superb blog! Do you have any tips for aspiring writers?
I’m planning to start my own site soon but I’m a little lost on everything.
Would you advise starting with a free platform like WordPress or
go for a paid option? There are so many options out there that I’m totally confused ..
Any ideas? Thanks!
This paragraph gives clear idea in support of the new users of
blogging, that genuinely how to do blogging.
I do believe all the ideas you have introduced
on your post. They’re really convincing and can definitely work.
Still, the posts are too short for starters. Could you please extend them a little from next time?
Thank you for the post.
my homepage; s128 deposit pulsa