Home » Seguridad en una SAN Brocade III – Activar administración por HTTPS

Seguridad en una SAN Brocade III – Activar administración por HTTPS

En el post  Seguridad en una SAN Brocade II – Administración con protocolos inseguros  se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLSEl procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches: 

1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos: 
 

core1:angel> seccertutil genkey 
Generating a new key pair will automatically do the following: 
1. Delete all existing CSRs. 
2. Delete all existing certificates. 
3. Reset the certificate filename to none. 
4. Disable secure protocols. 

Continue (yes, y, no, n): [no] yes 
Select key size [1024 or 2048]: 1024 
Generating new rsa public/private key pair 
Done. 

core1:angel> seccertutil gencsr 
Country Name (2 letter code, eg, US):ES 
State or Province Name (full name, eg, California):Sevilla 
Locality Name (eg, city name):Sevilla 
Organization Name (eg, company name):AA 
Organizational Unit Name (eg, department name):LABS 
Common Name (Fully qualified Domain Name, or IP address):core1 
Generating CSR, file name is: 192.168.100.1.csr 
Done. 

core1:angel> seccertutil export 
Select protocol [ftp or scp]: ftp 
Enter IP address: 192.168.200.1 
Enter remote directory: /home/angel/certs/ 
Enter Login Name: angel 
Enter Password:  
Success: exported CSR. 

2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS: 

 

angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem 
Signature ok 
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1 
Getting CA Private Key 
Enter pass phrase for cakey.pem: 

En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma: 

 

core1 –> 01 
core2 –> 02 
edge4 –> 03 
edge2 –> 04 
edge8 –> 05 
edge6 –> 06 
edge3 –> 07 
edge1 –> 08 
edge7 –> 09 
edge5 –>10 
 

3.- El certificado creado importarlo en el switch 

 

core1:angel> seccertutil import -config swcert -enable https 
Select protocol [ftp or scp]: ftp 
Enter IP address: 192.168.200.1 
Enter remote directory: /home/angel/certs/ 
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem 
Enter Login Name: angel 
Enter Password:  
Success: imported certificate [192.168.100.1.pem]. 
Certificate file in configuration has been updated. 
Secure http has been enabled. 
 

De esta forma ya está el servicio HTTPS levantado.

1.117 Responses to “Seguridad en una SAN Brocade III – Activar administración por HTTPS”

  1. I am curious to find out what blog system you’re using?

    I’m experiencing some minor security issues with my latest site and
    I’d like to find something more secure. Do you have any suggestions?

  2. It’s going to be finish of mine day, but before end I am
    reading this wonderful paragraph to improve my experience.

  3. Every weekend i used to visit this site, because i wish for enjoyment, as this this website conations truly good funny information too.

  4. sp-filya.ru dice:

    I think this is among the most vital information for me.
    And i am glad reading your article. But wanna remark on few general things, The web site style is wonderful,
    the articles is really excellent : D. Good job,
    cheers

  5. Hi are using WordPress for your site platform? I’m new to the blog world but I’m trying to get started
    and set up my own. Do you need any html coding expertise to make your own blog?
    Any help would be really appreciated!

  6. Hurrah! In the end I got a blog from where I be able to genuinely get useful
    data regarding my study and knowledge.

  7. discuss dice:

    I read this post fully regarding the difference of
    hottest and earlier technologies, it’s amazing article.

  8. WOW just what I was looking for. Came here by searching for here

    Here is my blog post; https://ayamindo.com

  9. tscq.shop dice:

    Incredible story there. What happened after? Take care!

  10. I have read so many articles about the blogger lovers except this post is genuinely a fastidious post, keep it up.

  11. poigrala.ru dice:

    I really like your blog.. very nice colors & theme.
    Did you create this website yourself or did you hire someone to do it for you?
    Plz respond as I’m looking to construct my own blog and would like
    to know where u got this from. kudos

  12. Hello there, I found your website by means of Google while looking for
    a similar subject, your website got here up, it appears
    great. I’ve bookmarked it in my google bookmarks.
    Hi there, simply changed into alert to your weblog thru Google, and located that
    it is really informative. I’m going to be careful for brussels.
    I’ll appreciate in case you proceed this in future.
    A lot of people can be benefited from your writing.

    Cheers!

  13. Hiya very nice site!! Man .. Beautiful .. Wonderful ..
    I will bookmark your blog and take the feeds additionally?
    I am glad to find so many helpful information here in the publish, we’d like develop more techniques in this regard, thank
    you for sharing. . . . . .

  14. Right now it seems like Drupal is the top blogging platform out there right now.
    (from what I’ve read) Is that what you’re using on your blog?

  15. 0rz.tw dice:

    Hi there, this weekend is pleasant in favor of me,
    as this occasion i am reading this wonderful educational post here at my house.

  16. Its such as you read my mind! You seem to understand a lot approximately this, such as you wrote the book in it or
    something. I feel that you just can do with a few percent to pressure the message home
    a little bit, however instead of that, this is great blog.
    An excellent read. I’ll definitely be back.

  17. I like what you guys tend to be up too. This type of
    clever work and coverage! Keep up the very good works guys I’ve incorporated you
    guys to my own blogroll.

  18. I love it when individuals come together and share opinions.

    Great site, stick with it!

  19. Hi there! Quick question that’s totally off topic. Do you know how to make your site mobile friendly?
    My weblog looks weird when browsing from my iphone4.
    I’m trying to find a template or plugin that might be able to fix this issue.

    If you have any recommendations, please share. With thanks!

  20. Your style is so unique compared to other people I have read
    stuff from. I appreciate you for posting when you have the opportunity, Guess I will just book mark
    this blog.

  21. If some one wants to be updated with newest technologies then he must be pay a quick visit this website and be up
    to date daily.

  22. www.yzgz.cn dice:

    I blog quite often and I really appreciate
    your information. Your article has really peaked my interest.
    I will take a note of your site and keep checking for new details about once a week.
    I opted in for your RSS feed too.

  23. hukukevi.net dice:

    Unquestionably believe that which you stated. Your favorite reason seemed to be on the internet the simplest thing to be aware of.
    I say to you, I definitely get irked while people consider worries that they
    plainly do not know about. You managed to hit the nail upon the top and also defined out the whole thing without having side-effects , people could take a signal.
    Will likely be back to get more. Thanks

  24. Hey there! I know this is kind of off topic but I
    was wondering which blog platform are you using for this
    site? I’m getting tired of WordPress because I’ve had issues with hackers and I’m looking at alternatives for another platform.
    I would be fantastic if you could point me in the direction of a good platform.

  25. Hey there this is kind of of off topic but I was wondering if blogs use WYSIWYG editors or if you have to manually code with HTML.
    I’m starting a blog soon but have no coding
    knowledge so I wanted to get guidance from someone with experience.
    Any help would be greatly appreciated!

  26. Hello to every one, the contents existing at this website are really amazing for people experience, well, keep up the nice work fellows.

  27. kchrlife.ru dice:

    We stumbled over here different page and thought I might as well check things out.
    I like what I see so now i’m following you.
    Look forward to exploring your web page for a second time.

  28. Spot on with this write-up, I actually believe that this site needs much more
    attention. I’ll probably be back again to see more, thanks for the info!

  29. What’s up, I read your blogs like every week. Your story-telling style is witty, keep it up!

  30. I simply could not depart your web site prior to suggesting that I
    actually enjoyed the standard info an individual provide to
    your guests? Is gonna be back steadily in order to investigate cross-check new posts

  31. I am genuinely thankful to the owner of this web page who has shared this wonderful article at at this time.

  32. Aw, this was a really nice post. Finding the time and
    actual effort to produce a top notch article… but what
    can I say… I procrastinate a whole lot
    and never seem to get anything done.

  33. I’m really enjoying the theme/design of your website.
    Do you ever run into any browser compatibility problems?
    A few of my blog readers have complained about my blog not operating correctly in Explorer but looks great in Safari.
    Do you have any solutions to help fix this issue?

  34. Hi I am so happy I found your webpage, I really found you by error,
    while I was browsing on Digg for something else, Nonetheless I am here now
    and would just like to say thank you for a remarkable post and a all round interesting blog (I also love
    the theme/design), I don’t have time to read it all at the moment but I have saved it and also added in your RSS feeds, so
    when I have time I will be back to read much more, Please do keep up the fantastic
    b.

  35. Good article! We are linking to this particularly great post on our website.
    Keep up the good writing.

  36. It’s genuinely very complex in this busy life to listen news on TV,
    so I just use web for that purpose, and get the most up-to-date news.

  37. This is a topic which is near to my heart… Many thanks!
    Exactly where are your contact details though?

  38. gmprvolg.ru dice:

    Heya! I just wanted to ask if you ever have any problems
    with hackers? My last blog (wordpress) was hacked and I ended up
    losing a few months of hard work due to no backup.

    Do you have any solutions to stop hackers?

  39. Thank you for some other fantastic post. Where else could anybody get that type of information in such an ideal
    method of writing? I’ve a presentation next week, and I’m at the look for such info.

  40. I like the valuable info you supply on your articles. I’ll bookmark your weblog
    and test once more right here regularly. I am relatively sure I’ll be told many new stuff right right here!
    Good luck for the following!

  41. Having read this I thought it was really enlightening.

    I appreciate you spending some time and effort to put this information together.
    I once again find myself spending a significant amount of time
    both reading and commenting. But so what, it was still worthwhile!

  42. Incredible points. Solid arguments. Keep up the good spirit.

  43. Attractive section of content. I simply stumbled upon your website and in accession capital to assert
    that I get in fact enjoyed account your weblog posts.
    Anyway I’ll be subscribing in your augment or even I
    fulfillment you get right of entry to constantly
    quickly.

  44. Wow, awesome blog layout! How long have you been blogging for?
    you made blogging look easy. The overall look of your site is fantastic, let alone the content!

  45. This excellent website really has all of the
    info I wanted concerning this subject and didn’t know who to ask.

  46. Thanks for sharing your thoughts about here. Regards

    Here is my web site – poker pulsa online

  47. fllw.club dice:

    If some one wants to be updated with most up-to-date technologies after that he must be
    pay a visit this site and be up to date everyday.

  48. I couldn’t resist commenting. Exceptionally well written!

  49. brnk.in.ua dice:

    Wow, wonderful blog layout! How long have you been blogging for?
    you make blogging look easy. The overall look of your site is magnificent, as well as the content!

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *