En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I don’t know if it’s just me or if perhaps everybody else encountering
problems with your website. It appears as if some of the written text within your content are running off the screen. Can somebody else
please comment and let me know if this is happening to them as well?
This could be a problem with my internet browser
because I’ve had this happen before. Kudos
Nice post. I was checking continuously this weblog and I’m impressed!
Extremely helpful info particularly the last section :
) I handle such information much. I was seeking this
particular information for a long time. Thank you
and best of luck.
I enjoy what you guys tend to be up too. This type of clever
work and coverage! Keep up the wonderful works guys I’ve incorporated you guys to my blogroll.
I loved as much as you’ll receive carried out right here.
The sketch is attractive, your authored material stylish.
nonetheless, you command get got an impatience over that you wish be delivering the following.
unwell unquestionably come further formerly again since exactly the same nearly very often inside case
you shield this hike.
I’m really enjoying the design and layout of your
blog. It’s a very easy on the eyes which makes it much more pleasant for
me to come here and visit more often. Did you hire out
a designer to create your theme? Exceptional work!
I am extremely inspired with your writing skills and also with the layout in your
blog. Is this a paid topic or did you modify it your self? Anyway keep up the excellent quality writing, it’s uncommon to see
a great weblog like this one today..
Hi there Dear, are you actually visiting this web site on a
regular basis, if so after that you will absolutely obtain pleasant
know-how.
I’m not sure where you are getting your information, but good topic.
I needs to spend some time learning much more or understanding more.
Thanks for wonderful info I was looking for this information for my mission.
Hey very interesting blog!
Thanks for sharing your thoughts. I truly appreciate your efforts and I am
waiting for your next write ups thank you once again.
Hello, after reading this remarkable piece of writing
i am also cheerful to share my familiarity
here with mates.
Greate post. Keep posting such kind of info on your page.
Im really impressed by your blog.
Hello there, You’ve done an excellent job. I will definitely
digg it and in my opinion suggest to my friends. I’m sure they’ll be benefited from this web site.
These are actually fantastic ideas in concerning blogging.
You have touched some nice things here. Any way keep up wrinting.
Hi there to every body, it’s my first pay a visit of this blog; this web
site carries amazing and actually excellent data designed for
readers.
Howdy, I do believe your site may be having web
browser compatibility problems. Whenever I take a look at your site
in Safari, it looks fine however, when opening in Internet Explorer, it
has some overlapping issues. I simply wanted to provide you with a quick heads up!
Apart from that, fantastic blog!
This is my first time go to see at here and i am in fact happy to read all at one place.
I have to thank you for the efforts you’ve put in writing this blog.
I’m hoping to view the same high-grade content from
you later on as well. In fact, your creative writing abilities has inspired me to get my own, personal site now 😉
You can definitely see your expertise within the work you write.
The arena hopes for more passionate writers like you who are not afraid to say
how they believe. At all times go after your heart.
Good day! Do you know if they make any plugins to protect against hackers?
I’m kinda paranoid about losing everything I’ve worked hard on. Any tips?
It’s very effortless to find out any matter on net as
compared to books, as I found this post at this web site.
For latest news you have to visit world wide web and on internet I found this website
as a best site for newest updates.
I loved as much as you’ll receive carried out right here.
The sketch is attractive, your authored material stylish.
nonetheless, you command get bought an impatience over that you wish
be delivering the following. unwell unquestionably come more
formerly again as exactly the same nearly a lot often inside case you
shield this increase.
Hey there! Someone in my Facebook group shared this site with us so I came to check it out.
I’m definitely loving the information. I’m book-marking and will be tweeting this to my followers!
Great blog and fantastic design and style.
Thanks for finally talking about > Seguridad en una SAN Brocade III – Activar administración por HTTPS | Almacenamiento Abierto
slot deposit pulsa
What’s up to all, the contents existing at this site are in fact amazing for people experience, well,
keep up the good work fellows.
Feel free to visit my web site; deposit poker pulsa
Thanks for your personal marvelous posting!
I definitely enjoyed reading it, you happen to be
a great author.I will remember to bookmark your
blog and will come back in the future. I want to encourage one to continue
your great work, have a nice day!
Look at my webpage – poker idn pulsa
Hello great website! Does running a blog such as this require a lot of work?
I have very little expertise in computer programming however
I was hoping to start my own blog in the near future.
Anyway, should you have any recommendations or techniques for new blog owners please share.
I know this is off topic nevertheless I simply had to ask.
Kudos!
Take a look at my web-site bandar slot online
Pretty! This has been a really wonderful article. Thanks for providing
this info.
You really make it appear so easy along with your presentation but I find
this topic to be actually something which I believe I might never understand.
It sort of feels too complex and extremely huge for me.
I’m having a look ahead to your subsequent submit, I will attempt to get the grasp of it!
Oh my goodness! Incredible article dude! Many thanks, However I am having difficulties with your RSS.
I don’t know why I am unable to join it. Is there anyone else having identical RSS
issues? Anybody who knows the solution can you kindly respond?
Thanx!!
What’s up, all is going fine here and ofcourse every one is sharing data, that’s
really good, keep up writing.
Having read this I thought it was extremely informative. I
appreciate you finding the time and effort to put this article together.
I once again find myself spending way too much time both reading and commenting.
But so what, it was still worthwhile!
If some one wants to be updated with most up-to-date technologies therefore he must
be visit this website and be up to date daily.
I have learn a few just right stuff here. Definitely value bookmarking for revisiting.
I wonder how a lot effort you put to create this type of magnificent informative
web site.
Hello! I could have sworn I’ve visited this site before but after browsing through many of the articles I realized it’s
new to me. Anyhow, I’m definitely happy I discovered it and I’ll be bookmarking
it and checking back frequently!
Today, I went to the beach front with my children. I found a
sea shell and gave it to my 4 year old daughter and said «You can hear the ocean if you put this to your ear.» She put
the shell to her ear and screamed. There was a hermit
crab inside and it pinched her ear. She never wants to go back!
LoL I know this is totally off topic but I had to tell someone!
When some one searches for his required thing, so he/she desires to be available that in detail, thus that thing
is maintained over here.
My brother recommended I may like this web site. He was totally right.
This submit actually made my day. You cann’t consider just how so much time I had spent for this info!
Thanks!
I do not know if it’s just me or if perhaps everyone else encountering problems with your blog.
It looks like some of the text in your posts are running off
the screen. Can somebody else please provide feedback and let me
know if this is happening to them as well? This might be a
issue with my internet browser because I’ve had this happen before.
Thanks
Wonderful work! That is the kind of information that should be
shared across the web. Disgrace on Google for not positioning this post higher!
Come on over and seek advice from my site . Thanks
=)
Your style is so unique in comparison to other folks I’ve read stuff from.
Many thanks for posting when you’ve got the opportunity, Guess I’ll just
book mark this web site.
An outstanding share! I’ve just forwarded this onto a friend who had been conducting a
little homework on this. And he actually ordered me dinner due to the fact that I discovered it for him…
lol. So allow me to reword this…. Thanks for the meal!! But yeah, thanx for spending time to talk about this matter
here on your site.
Your style is so unique compared to other people I’ve
read stuff from. Many thanks for posting when you have the opportunity, Guess I’ll just book
mark this web site.
It’s appropriate time to make a few plans for the long run and it is time to be happy.
I have learn this publish and if I may just I want to recommend you some interesting things or
tips. Maybe you can write next articles regarding this article.
I desire to learn even more issues about it!
You could certainly see your skills in the work you write.
The arena hopes for more passionate writers such as you who are not
afraid to mention how they believe. All the time follow your heart.
Woah! I’m really digging the template/theme of this website.
It’s simple, yet effective. A lot of times it’s very difficult to get that «perfect balance» between usability and visual appearance.
I must say you’ve done a awesome job with this.
Also, the blog loads very fast for me on Internet explorer.
Excellent Blog!
Please let me know if you’re looking for a article author
for your weblog. You have some really good posts and
I believe I would be a good asset. If you ever want to take some of the load off, I’d really like to write some articles for your blog in exchange for a link back to mine.
Please send me an e-mail if interested. Thanks!
I pay a visit daily a few websites and websites to read posts,
except this website presents quality based articles.
Hi! I just wanted to ask if you ever have any trouble with hackers?
My last blog (wordpress) was hacked and I ended up losing
several weeks of hard work due to no data backup.
Do you have any solutions to stop hackers?
Greetings! Very helpful advice in this particular article!
It’s the little changes that make the most important changes.
Thanks a lot for sharing!