In the post "Security in a Brocade SAN II – Administration with insecure protocols" we saw how to deny access to the management interface of Brocade switches over the insecure protocols TELNET and HTTP. Here we will see how to enable HTTPS for access to WEB TOOLS. The procedure is pieced together from several sources, because the one described in the Fabric OS Admin Guide is not accurate. It is shown below as it was carried out for the core of a fabric; the remaining switches must be configured in the same way:
1.- Log in over SSH, as a user with administrator privileges, to the switch on which HTTPS will be enabled and run the following sequence of commands:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.
core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.
core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copy the CSR file to a server that has the openssl utilities and the Certificate Authority's certificate/key pair, "cacert.pem" and "cakey.pem". The following command generates, from the CSR file, a certificate that we will import from the switch to enable the HTTPS service:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
In this case a serial number was assigned to each switch (-set_serial) as follows:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –> 10
3.- Import the newly created certificate into the switch:
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
With this, the HTTPS service is up and running.
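A pre-import check for the certificate signed in step 2, written as an added example (not from the original post): it verifies the chain against the CA, the serial assigned to the switch, and the RSA key size. The throwaway CA, the locally generated CSRs, the function names and the 2048-bit minimum are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. Throwaway CA and CSRs are constructed in a temp directory;
# they stand in for cacert.pem/cakey.pem and the CSR exported by the switch.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Stand-in CA (the post assumes cacert.pem and cakey.pem already exist).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$work/cakey.pem" -out "$work/cacert.pem" 2>/dev/null
}

# Stand-in for "seccertutil genkey" + "seccertutil gencsr". $1=name $2=key bits
make_demo_csr() {
    openssl req -new -newkey "rsa:$2" -nodes \
        -subj "/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}

# The post's signing command. $1=name $2=serial as passed to -set_serial
sign_csr() {
    openssl x509 -req -days 3650 -in "$work/$1.csr" -CA "$work/cacert.pem" \
        -CAkey "$work/cakey.pem" -set_serial "$2" -out "$work/$1.pem" 2>/dev/null
}

# Pre-import check. $1=name $2=expected serial (hex, as openssl prints it)
# $3=minimum RSA key size in bits. Prints "ok" or the first failed check.
check_cert() {
    pem="$work/$1.pem"
    openssl verify -CAfile "$work/cacert.pem" "$pem" >/dev/null 2>&1 ||
        { echo "chain"; return 1; }
    serial=$(openssl x509 -in "$pem" -noout -serial | cut -d= -f2)
    [ "$serial" = "$2" ] || { echo "serial $serial"; return 1; }
    bits=$(openssl x509 -in "$pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$3" ] || { echo "keysize ${bits:-0}"; return 1; }
    echo "ok"
}

make_demo_ca
# -set_serial reads decimal, -serial prints hex: 10 (edge5) shows up as 0A.
make_demo_csr edge5 2048 && sign_csr edge5 10 && check_cert edge5 0A 2048 || true
# A 1024-bit key, as chosen in step 1, fails a 2048-bit minimum.
make_demo_csr core1 1024 && sign_csr core1 01 && check_cert core1 01 2048 || true
```

On a real deployment, point the check at the actual cacert.pem and the .pem produced in step 2 before running seccertutil import.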