En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I am curious to find out what blog system you’re using?
I’m experiencing some minor security issues with my latest site and
I’d like to find something more secure. Do you have any suggestions?
This information is invaluable. When can I find out more?
It’s going to be finish of mine day, but before end I am
reading this wonderful paragraph to improve my experience.
Every weekend i used to visit this site, because i wish for enjoyment, as this this website conations truly good funny information too.
I think this is among the most vital information for me.
And i am glad reading your article. But wanna remark on few general things, The web site style is wonderful,
the articles is really excellent : D. Good job,
cheers
Hi are using WordPress for your site platform? I’m new to the blog world but I’m trying to get started
and set up my own. Do you need any html coding expertise to make your own blog?
Any help would be really appreciated!
Hurrah! In the end I got a blog from where I be able to genuinely get useful
data regarding my study and knowledge.
I read this post fully regarding the difference of
hottest and earlier technologies, it’s amazing article.
WOW just what I was looking for. Came here by searching for here
Here is my blog post; https://ayamindo.com
Incredible story there. What happened after? Take care!
I have read so many articles about the blogger lovers except this post is genuinely a fastidious post, keep it up.
I really like your blog.. very nice colors & theme.
Did you create this website yourself or did you hire someone to do it for you?
Plz respond as I’m looking to construct my own blog and would like
to know where u got this from. kudos
Hello there, I found your website by means of Google while looking for
a similar subject, your website got here up, it appears
great. I’ve bookmarked it in my google bookmarks.
Hi there, simply changed into alert to your weblog thru Google, and located that
it is really informative. I’m going to be careful for brussels.
I’ll appreciate in case you proceed this in future.
A lot of people can be benefited from your writing.
Cheers!
Hiya very nice site!! Man .. Beautiful .. Wonderful ..
I will bookmark your blog and take the feeds additionally?
I am glad to find so many helpful information here in the publish, we’d like develop more techniques in this regard, thank
you for sharing. . . . . .
Right now it seems like Drupal is the top blogging platform out there right now.
(from what I’ve read) Is that what you’re using on your blog?
Hi there, this weekend is pleasant in favor of me,
as this occasion i am reading this wonderful educational post here at my house.
Its such as you read my mind! You seem to understand a lot approximately this, such as you wrote the book in it or
something. I feel that you just can do with a few percent to pressure the message home
a little bit, however instead of that, this is great blog.
An excellent read. I’ll definitely be back.
I like what you guys tend to be up too. This type of
clever work and coverage! Keep up the very good works guys I’ve incorporated you
guys to my own blogroll.
I love it when individuals come together and share opinions.
Great site, stick with it!
Hi there! Quick question that’s totally off topic. Do you know how to make your site mobile friendly?
My weblog looks weird when browsing from my iphone4.
I’m trying to find a template or plugin that might be able to fix this issue.
If you have any recommendations, please share. With thanks!
Your style is so unique compared to other people I have read
stuff from. I appreciate you for posting when you have the opportunity, Guess I will just book mark
this blog.
If some one wants to be updated with newest technologies then he must be pay a quick visit this website and be up
to date daily.
I blog quite often and I really appreciate
your information. Your article has really peaked my interest.
I will take a note of your site and keep checking for new details about once a week.
I opted in for your RSS feed too.
Unquestionably believe that which you stated. Your favorite reason seemed to be on the internet the simplest thing to be aware of.
I say to you, I definitely get irked while people consider worries that they
plainly do not know about. You managed to hit the nail upon the top and also defined out the whole thing without having side-effects , people could take a signal.
Will likely be back to get more. Thanks
Hey there! I know this is kind of off topic but I
was wondering which blog platform are you using for this
site? I’m getting tired of WordPress because I’ve had issues with hackers and I’m looking at alternatives for another platform.
I would be fantastic if you could point me in the direction of a good platform.
Hey there this is kind of of off topic but I was wondering if blogs use WYSIWYG editors or if you have to manually code with HTML.
I’m starting a blog soon but have no coding
knowledge so I wanted to get guidance from someone with experience.
Any help would be greatly appreciated!
Hello to every one, the contents existing at this website are really amazing for people experience, well, keep up the nice work fellows.
We stumbled over here different page and thought I might as well check things out.
I like what I see so now i’m following you.
Look forward to exploring your web page for a second time.
Spot on with this write-up, I actually believe that this site needs much more
attention. I’ll probably be back again to see more, thanks for the info!
What’s up, I read your blogs like every week. Your story-telling style is witty, keep it up!
I simply could not depart your web site prior to suggesting that I
actually enjoyed the standard info an individual provide to
your guests? Is gonna be back steadily in order to investigate cross-check new posts
I am genuinely thankful to the owner of this web page who has shared this wonderful article at at this time.
Aw, this was a really nice post. Finding the time and
actual effort to produce a top notch article… but what
can I say… I procrastinate a whole lot
and never seem to get anything done.
I’m really enjoying the theme/design of your website.
Do you ever run into any browser compatibility problems?
A few of my blog readers have complained about my blog not operating correctly in Explorer but looks great in Safari.
Do you have any solutions to help fix this issue?
Hi I am so happy I found your webpage, I really found you by error,
while I was browsing on Digg for something else, Nonetheless I am here now
and would just like to say thank you for a remarkable post and a all round interesting blog (I also love
the theme/design), I don’t have time to read it all at the moment but I have saved it and also added in your RSS feeds, so
when I have time I will be back to read much more, Please do keep up the fantastic
b.
Good article! We are linking to this particularly great post on our website.
Keep up the good writing.
It’s genuinely very complex in this busy life to listen news on TV,
so I just use web for that purpose, and get the most up-to-date news.
This is a topic which is near to my heart… Many thanks!
Exactly where are your contact details though?
Heya! I just wanted to ask if you ever have any problems
with hackers? My last blog (wordpress) was hacked and I ended up
losing a few months of hard work due to no backup.
Do you have any solutions to stop hackers?
Thank you for some other fantastic post. Where else could anybody get that type of information in such an ideal
method of writing? I’ve a presentation next week, and I’m at the look for such info.
I like the valuable info you supply on your articles. I’ll bookmark your weblog
and test once more right here regularly. I am relatively sure I’ll be told many new stuff right right here!
Good luck for the following!
Having read this I thought it was really enlightening.
I appreciate you spending some time and effort to put this information together.
I once again find myself spending a significant amount of time
both reading and commenting. But so what, it was still worthwhile!
Incredible points. Solid arguments. Keep up the good spirit.
Attractive section of content. I simply stumbled upon your website and in accession capital to assert
that I get in fact enjoyed account your weblog posts.
Anyway I’ll be subscribing in your augment or even I
fulfillment you get right of entry to constantly
quickly.
Wow, awesome blog layout! How long have you been blogging for?
you made blogging look easy. The overall look of your site is fantastic, let alone the content!
This excellent website really has all of the
info I wanted concerning this subject and didn’t know who to ask.
Thanks for sharing your thoughts about here. Regards
Here is my web site – poker pulsa online
If some one wants to be updated with most up-to-date technologies after that he must be
pay a visit this site and be up to date everyday.
I couldn’t resist commenting. Exceptionally well written!
Wow, wonderful blog layout! How long have you been blogging for?
you make blogging look easy. The overall look of your site is magnificent, as well as the content!