En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I am extremely inspired along with your writing abilities
and also with the layout in your weblog. Is this
a paid subject or did you customize it yourself? Either way stay up the nice high quality writing, it is uncommon to
peer a nice blog like this one nowadays..
Cool blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple tweeks would really make my blog stand out.
Please let me know where you got your theme. Bless you
Also visit my webpage qqdomino.biz
Wonderful blog! I found it while browsing on Yahoo News.
Do you have any suggestions on how to get listed in Yahoo News?
I’ve been trying for a while but I never seem to
get there! Many thanks
It’s enormous that you are getting thoughts from this article
as well as from our argument made at this time.
I’ve been surfing online more than 3 hours today, yet I never found any interesting article like yours.
It is pretty worth enough for me. In my view,
if all webmasters and bloggers made good content as you did, the web will be much more useful than ever before.
Good post. I learn something totally new and
challenging on sites I stumbleupon everyday.
It will always be helpful to read through articles from other authors and use something from other
websites.
It’s amazing in support of me to have a website,
which is helpful for my experience. thanks admin
Hi to every one, it’s genuinely a pleasant for me to go to see this website, it consists of
important Information.
Howdy, i read your blog from time to time and i own a similar one and i was just curious if you get a lot of spam responses?
If so how do you prevent it, any plugin or anything you can recommend?
I get so much lately it’s driving me crazy so any help is very much appreciated.
What’s up every one, here every person is sharing these familiarity,
therefore it’s nice to read this website, and I used to
visit this web site every day.
Hello it’s me, I am also visiting this web site on a
regular basis, this web site is genuinely pleasant and the visitors are actually sharing fastidious thoughts.
Pretty great post. I simply stumbled upon your blog and wanted to mention that I have truly loved surfing around your blog posts.
In any case I will be subscribing on your rss feed and I hope you write again soon!
Hmm is anyone else experiencing problems with the pictures
on this blog loading? I’m trying to find out if its a problem on my
end or if it’s the blog. Any suggestions would be greatly appreciated.
Great post! We are linking to this great content on our website.
Keep up the great writing.
Wow that was odd. I just wrote an really long comment but
after I clicked submit my comment didn’t show up.
Grrrr… well I’m not writing all that over again. Anyhow, just wanted to
say superb blog!
Fantastic blog! Do you have any suggestions for aspiring writers?
I’m planning to start my own site soon but I’m a little lost on everything.
Would you advise starting with a free platform like WordPress
or go for a paid option? There are so many options out
there that I’m totally overwhelmed .. Any suggestions?
Thank you!
You have made some good points there. I looked on the web for more info about the issue
and found most individuals will go along with your views on this web site.
Woah! I’m really enjoying the template/theme of this blog.
It’s simple, yet effective. A lot of times it’s hard to get that
«perfect balance» between user friendliness and visual appearance.
I must say you’ve done a superb job with this.
In addition, the blog loads super quick for me on Firefox.
Exceptional Blog!
These are in fact fantastic ideas in regarding blogging.
You have touched some good points here. Any way keep up wrinting.
Heya i’m for the first time here. I came across this board and I
find It really useful & it helped me out a lot. I hope to give something back
and aid others like you helped me.
You should take part in a contest for one of the best websites
on the web. I will recommend this site!
Have you ever thought about publishing an ebook or guest authoring on other websites?
I have a blog centered on the same ideas you discuss and would love to have you share some
stories/information. I know my subscribers would value
your work. If you are even remotely interested, feel free to send me an email.
I do not even understand how I finished up right here,
however I thought this put up was good. I don’t know
who you’re however definitely you’re going to a famous blogger when you
aren’t already. Cheers!
Wow, this post is pleasant, my younger sister is analyzing these kinds of things, thus I am going to let know
her.
Can you tell us more about this? I’d want to find out some additional information.
Just want to say your article is as surprising. The clarity in your post is just cool
and i can assume you are an expert on this subject. Well with your permission allow me to grab your feed
to keep updated with forthcoming post. Thanks a million and please continue the rewarding work.
great points altogether, you just won a emblem new reader.
What could you recommend about your post that you made a few days ago?
Any sure?
Whats up this is kind of of off topic but I was
wondering if blogs use WYSIWYG editors or if you have to
manually code with HTML. I’m starting a blog soon but have no coding knowledge so I wanted to get
guidance from someone with experience. Any help would be greatly appreciated!
my blog post :: bandar poker deposit via pulsa
Hey there! I know this is kind of off topic but I was wondering which blog platform are
you using for this website? I’m getting tired of WordPress because I’ve
had issues with hackers and I’m looking at options for another platform.
I would be awesome if you could point me in the direction of
a good platform.
Aw, this was an exceptionally nice post. Spending some time and actual effort to generate a
good article… but what can I say… I hesitate a
whole lot and never manage to get nearly anything done.
Genuinely when someone doesn’t be aware of afterward its
up to other visitors that they will help, so here it takes place.
I’m extremely pleased to find this site. I want to to thank you for ones time
for this particularly fantastic read!! I definitely enjoyed every little bit
of it and i also have you bookmarked to look at new stuff in your website.
my blog :: sabung ayam online
Hello! I know this is somewhat off topic but I was wondering if you
knew where I could get a captcha plugin for my comment form?
I’m using the same blog platform as yours and I’m having problems finding one?
Thanks a lot!
Normally I do not learn post on blogs, but I would like to say
that this write-up very compelled me to check out and do so!
Your writing style has been amazed me. Thank you, very great
article.
My partner and I stumbled over here from a different web address and thought I might as well check things out.
I like what I see so i am just following you.
Look forward to looking at your web page again.
Right away I am ready to do my breakfast, afterward having my breakfast coming yet
again to read further news.
Also visit my blog post; deposit judi online
Thank you, I’ve recently been looking for information about this topic for a
while and yours is the greatest I have came upon till now.
However, what about the bottom line? Are you sure about the supply?
Do you have a spam problem on this site; I also am a blogger, and I was curious
about your situation; many of us have created some nice practices and we are looking
to trade solutions with others, be sure to shoot me an e-mail if interested.
Can you tell us more about this? I’d love to find out more details.
I pay a quick visit everyday a few sites and sites to read articles, however this weblog offers feature
based posts.
I’ll immediately grasp your rss as I can not in finding your email subscription link or newsletter service.
Do you’ve any? Please let me understand so that I may subscribe.
Thanks.
Woah! I’m really digging the template/theme of this blog.
It’s simple, yet effective. A lot of times it’s very difficult to get that «perfect balance» between superb usability and appearance.
I must say you’ve done a excellent job with this.
In addition, the blog loads very fast for me on Internet explorer.
Outstanding Blog!
I really like what you guys are up too. Such clever work and reporting!
Keep up the superb works guys I’ve included you guys to my personal blogroll.
Thanks for sharing your thoughts about http://www.truthmall.com. Regards
Hello to all, how is the whole thing, I think every one is
getting more from this web site, and your views are nice in favor of new people.
My brother suggested I might like this blog. He was entirely right.
This post truly made my day. You cann’t imagine just how much
time I had spent for this information! Thanks!
Hello, Neat post. There’s an issue with your site in web explorer, could check this?
IE still is the marketplace chief and a large element of people will omit your great writing because of this problem.
naturally like your website however you need to test the spelling on several of your posts.
Several of them are rife with spelling issues and I to find it very
troublesome to tell the truth then again I’ll surely come again again.
It’s not my first time to go to see this site, i am browsing this site dailly
and obtain nice information from here daily.
Hello would you mind stating which blog platform you’re working with?
I’m looking to start my own blog in the near future but
I’m having a difficult time making a decision between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your design seems different then most blogs and I’m looking for something unique.
P.S My apologies for getting off-topic but I had to ask!