Home » Seguridad en una SAN Brocade III – Activar administración por HTTPS

Seguridad en una SAN Brocade III – Activar administración por HTTPS

En el post  Seguridad en una SAN Brocade II – Administración con protocolos inseguros  se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLSEl procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches: 

1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos: 
 

core1:angel> seccertutil genkey 
Generating a new key pair will automatically do the following: 
1. Delete all existing CSRs. 
2. Delete all existing certificates. 
3. Reset the certificate filename to none. 
4. Disable secure protocols. 

Continue (yes, y, no, n): [no] yes 
Select key size [1024 or 2048]: 1024 
Generating new rsa public/private key pair 
Done. 

core1:angel> seccertutil gencsr 
Country Name (2 letter code, eg, US):ES 
State or Province Name (full name, eg, California):Sevilla 
Locality Name (eg, city name):Sevilla 
Organization Name (eg, company name):AA 
Organizational Unit Name (eg, department name):LABS 
Common Name (Fully qualified Domain Name, or IP address):core1 
Generating CSR, file name is: 192.168.100.1.csr 
Done. 

core1:angel> seccertutil export 
Select protocol [ftp or scp]: ftp 
Enter IP address: 192.168.200.1 
Enter remote directory: /home/angel/certs/ 
Enter Login Name: angel 
Enter Password:  
Success: exported CSR. 

2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS: 

 

angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem 
Signature ok 
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1 
Getting CA Private Key 
Enter pass phrase for cakey.pem: 

En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma: 

 

core1 –> 01 
core2 –> 02 
edge4 –> 03 
edge2 –> 04 
edge8 –> 05 
edge6 –> 06 
edge3 –> 07 
edge1 –> 08 
edge7 –> 09 
edge5 –>10 
 

3.- El certificado creado importarlo en el switch 

 

core1:angel> seccertutil import -config swcert -enable https 
Select protocol [ftp or scp]: ftp 
Enter IP address: 192.168.200.1 
Enter remote directory: /home/angel/certs/ 
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem 
Enter Login Name: angel 
Enter Password:  
Success: imported certificate [192.168.100.1.pem]. 
Certificate file in configuration has been updated. 
Secure http has been enabled. 
 

De esta forma ya está el servicio HTTPS levantado.

1.117 Responses to “Seguridad en una SAN Brocade III – Activar administración por HTTPS”

  1. I don’t know if it’s just me or if perhaps everybody else encountering
    problems with your website. It appears as if some of the written text within your content are running off the screen. Can somebody else
    please comment and let me know if this is happening to them as well?

    This could be a problem with my internet browser
    because I’ve had this happen before. Kudos

  2. Nice post. I was checking continuously this weblog and I’m impressed!
    Extremely helpful info particularly the last section :
    ) I handle such information much. I was seeking this
    particular information for a long time. Thank you
    and best of luck.

  3. I enjoy what you guys tend to be up too. This type of clever
    work and coverage! Keep up the wonderful works guys I’ve incorporated you guys to my blogroll.

  4. I loved as much as you’ll receive carried out right here.

    The sketch is attractive, your authored material stylish.

    nonetheless, you command get got an impatience over that you wish be delivering the following.

    unwell unquestionably come further formerly again since exactly the same nearly very often inside case
    you shield this hike.

  5. I’m really enjoying the design and layout of your
    blog. It’s a very easy on the eyes which makes it much more pleasant for
    me to come here and visit more often. Did you hire out
    a designer to create your theme? Exceptional work!

  6. I am extremely inspired with your writing skills and also with the layout in your
    blog. Is this a paid topic or did you modify it your self? Anyway keep up the excellent quality writing, it’s uncommon to see
    a great weblog like this one today..

  7. Hi there Dear, are you actually visiting this web site on a
    regular basis, if so after that you will absolutely obtain pleasant
    know-how.

  8. I’m not sure where you are getting your information, but good topic.
    I needs to spend some time learning much more or understanding more.
    Thanks for wonderful info I was looking for this information for my mission.

  9. Thanks for sharing your thoughts. I truly appreciate your efforts and I am
    waiting for your next write ups thank you once again.

  10. Hello, after reading this remarkable piece of writing
    i am also cheerful to share my familiarity
    here with mates.

  11. Greate post. Keep posting such kind of info on your page.
    Im really impressed by your blog.
    Hello there, You’ve done an excellent job. I will definitely
    digg it and in my opinion suggest to my friends. I’m sure they’ll be benefited from this web site.

  12. These are actually fantastic ideas in concerning blogging.
    You have touched some nice things here. Any way keep up wrinting.

  13. Hi there to every body, it’s my first pay a visit of this blog; this web
    site carries amazing and actually excellent data designed for
    readers.

  14. Howdy, I do believe your site may be having web
    browser compatibility problems. Whenever I take a look at your site
    in Safari, it looks fine however, when opening in Internet Explorer, it
    has some overlapping issues. I simply wanted to provide you with a quick heads up!
    Apart from that, fantastic blog!

  15. Gavin dice:

    This is my first time go to see at here and i am in fact happy to read all at one place.

  16. I have to thank you for the efforts you’ve put in writing this blog.
    I’m hoping to view the same high-grade content from
    you later on as well. In fact, your creative writing abilities has inspired me to get my own, personal site now 😉

  17. You can definitely see your expertise within the work you write.
    The arena hopes for more passionate writers like you who are not afraid to say
    how they believe. At all times go after your heart.

  18. Good day! Do you know if they make any plugins to protect against hackers?
    I’m kinda paranoid about losing everything I’ve worked hard on. Any tips?

  19. It’s very effortless to find out any matter on net as
    compared to books, as I found this post at this web site.

  20. For latest news you have to visit world wide web and on internet I found this website
    as a best site for newest updates.

  21. I loved as much as you’ll receive carried out right here.
    The sketch is attractive, your authored material stylish.
    nonetheless, you command get bought an impatience over that you wish
    be delivering the following. unwell unquestionably come more
    formerly again as exactly the same nearly a lot often inside case you
    shield this increase.

  22. Hey there! Someone in my Facebook group shared this site with us so I came to check it out.
    I’m definitely loving the information. I’m book-marking and will be tweeting this to my followers!
    Great blog and fantastic design and style.

  23. Thanks for finally talking about > Seguridad en una SAN Brocade III – Activar administración por HTTPS | Almacenamiento Abierto
    slot deposit pulsa

  24. What’s up to all, the contents existing at this site are in fact amazing for people experience, well,
    keep up the good work fellows.

    Feel free to visit my web site; deposit poker pulsa

  25. Thanks for your personal marvelous posting!

    I definitely enjoyed reading it, you happen to be
    a great author.I will remember to bookmark your
    blog and will come back in the future. I want to encourage one to continue
    your great work, have a nice day!

    Look at my webpage – poker idn pulsa

  26. Hello great website! Does running a blog such as this require a lot of work?
    I have very little expertise in computer programming however
    I was hoping to start my own blog in the near future.
    Anyway, should you have any recommendations or techniques for new blog owners please share.
    I know this is off topic nevertheless I simply had to ask.

    Kudos!

    Take a look at my web-site bandar slot online

  27. You really make it appear so easy along with your presentation but I find
    this topic to be actually something which I believe I might never understand.
    It sort of feels too complex and extremely huge for me.

    I’m having a look ahead to your subsequent submit, I will attempt to get the grasp of it!

  28. Oh my goodness! Incredible article dude! Many thanks, However I am having difficulties with your RSS.
    I don’t know why I am unable to join it. Is there anyone else having identical RSS
    issues? Anybody who knows the solution can you kindly respond?
    Thanx!!

  29. What’s up, all is going fine here and ofcourse every one is sharing data, that’s
    really good, keep up writing.

  30. qnbuz.net dice:

    Having read this I thought it was extremely informative. I
    appreciate you finding the time and effort to put this article together.

    I once again find myself spending way too much time both reading and commenting.
    But so what, it was still worthwhile!

  31. If some one wants to be updated with most up-to-date technologies therefore he must
    be visit this website and be up to date daily.

  32. I have learn a few just right stuff here. Definitely value bookmarking for revisiting.
    I wonder how a lot effort you put to create this type of magnificent informative
    web site.

  33. Hello! I could have sworn I’ve visited this site before but after browsing through many of the articles I realized it’s
    new to me. Anyhow, I’m definitely happy I discovered it and I’ll be bookmarking
    it and checking back frequently!

  34. Today, I went to the beach front with my children. I found a
    sea shell and gave it to my 4 year old daughter and said «You can hear the ocean if you put this to your ear.» She put
    the shell to her ear and screamed. There was a hermit
    crab inside and it pinched her ear. She never wants to go back!

    LoL I know this is totally off topic but I had to tell someone!

  35. When some one searches for his required thing, so he/she desires to be available that in detail, thus that thing
    is maintained over here.

  36. My brother recommended I may like this web site. He was totally right.
    This submit actually made my day. You cann’t consider just how so much time I had spent for this info!
    Thanks!

  37. I do not know if it’s just me or if perhaps everyone else encountering problems with your blog.
    It looks like some of the text in your posts are running off
    the screen. Can somebody else please provide feedback and let me
    know if this is happening to them as well? This might be a
    issue with my internet browser because I’ve had this happen before.
    Thanks

  38. Wonderful work! That is the kind of information that should be
    shared across the web. Disgrace on Google for not positioning this post higher!

    Come on over and seek advice from my site . Thanks
    =)

  39. Your style is so unique in comparison to other folks I’ve read stuff from.

    Many thanks for posting when you’ve got the opportunity, Guess I’ll just
    book mark this web site.

  40. An outstanding share! I’ve just forwarded this onto a friend who had been conducting a
    little homework on this. And he actually ordered me dinner due to the fact that I discovered it for him…

    lol. So allow me to reword this…. Thanks for the meal!! But yeah, thanx for spending time to talk about this matter
    here on your site.

  41. Your style is so unique compared to other people I’ve
    read stuff from. Many thanks for posting when you have the opportunity, Guess I’ll just book
    mark this web site.

  42. It’s appropriate time to make a few plans for the long run and it is time to be happy.
    I have learn this publish and if I may just I want to recommend you some interesting things or
    tips. Maybe you can write next articles regarding this article.
    I desire to learn even more issues about it!

  43. You could certainly see your skills in the work you write.
    The arena hopes for more passionate writers such as you who are not
    afraid to mention how they believe. All the time follow your heart.

  44. Woah! I’m really digging the template/theme of this website.
    It’s simple, yet effective. A lot of times it’s very difficult to get that «perfect balance» between usability and visual appearance.
    I must say you’ve done a awesome job with this.
    Also, the blog loads very fast for me on Internet explorer.
    Excellent Blog!

  45. penzu.com dice:

    Please let me know if you’re looking for a article author
    for your weblog. You have some really good posts and
    I believe I would be a good asset. If you ever want to take some of the load off, I’d really like to write some articles for your blog in exchange for a link back to mine.
    Please send me an e-mail if interested. Thanks!

  46. I pay a visit daily a few websites and websites to read posts,
    except this website presents quality based articles.

  47. fdyxw.com dice:

    Hi! I just wanted to ask if you ever have any trouble with hackers?
    My last blog (wordpress) was hacked and I ended up losing
    several weeks of hard work due to no data backup.
    Do you have any solutions to stop hackers?

  48. bandit250.ru dice:

    Greetings! Very helpful advice in this particular article!
    It’s the little changes that make the most important changes.
    Thanks a lot for sharing!

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *