En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I read this article fully on the topic of the difference of
hottest and preceding technologies, it’s awesome article.
Excellent pieces. Keep writing such kind
of info on your page. Im really impressed by your blog.
Hey there, You have performed a great job. I’ll certainly digg it and individually suggest to my friends.
I’m sure they’ll be benefited from this site.
I like the helpful info you provide on your articles.
I will bookmark your weblog and test once more here regularly.
I am somewhat certain I will learn lots of new stuff proper right here!
Good luck for the next!
It’s actually a nice and helpful piece of info. I am satisfied that you just shared this useful information with us.
Please stay us up to date like this. Thank you for sharing.
Its such as you learn my thoughts! You appear to know so much approximately this,
like you wrote the ebook in it or something. I believe that you
just can do with some percent to pressure the message home a bit, but other than that, this is fantastic blog.
A great read. I will definitely be back.
Hmm is anyone else encountering problems with the images on this blog
loading? I’m trying to figure out if its a problem on my
end or if it’s the blog. Any responses would be greatly appreciated.
I’m extremely inspired together with your writing abilities and also with the structure for your weblog.
Is that this a paid theme or did you modify it yourself?
Either way stay up the excellent high quality writing, it’s uncommon to see
a nice blog like this one these days..
Thanks , I have just been looking for information approximately this subject for a long
time and yours is the best I’ve discovered till
now. However, what in regards to the conclusion? Are you positive in regards to the supply?
Way cool! Some extremely valid points! I appreciate you writing this article and also the rest of the site is really good.
Thanks for sharing your thoughts about situs slot online indonesia.
Regards
This is very interesting, You are a very skilled blogger.
I have joined your rss feed and look forward to
seeking more of your great post. Also, I’ve shared your web
site in my social networks!
This paragraph offers clear idea in support of the new people
of blogging, that genuinely how to do running a blog.
Its such as you learn my mind! You appear to grasp so much about this, like you wrote the guide in it or something.
I feel that you just could do with a few % to pressure the message house
a little bit, but other than that, that is great blog.
A great read. I’ll certainly be back.
Hi there, all the time i used to check webpage posts here
in the early hours in the morning, since i love to gain knowledge of more
and more.
Hello There. I found your blog using msn. This is a very well
written article. I’ll be sure to bookmark it and come back to read more of
your useful info. Thanks for the post. I will definitely comeback.
You really make it seem so easy with your presentation but I find this matter to be really something which I think I would never understand.
It seems too complex and very broad for me. I am looking forward for your next post,
I’ll try to get the hang of it!
Thankfulness to my father who shared with me on the topic of this weblog, this website is actually awesome.
I pay a quick visit every day some sites and sites to read content, but
this weblog gives quality based content.
Very quickly this web site will be famous amid all blogging people, due to it’s pleasant content
It’s actually very difficult in this full of activity life to listen news on TV, so I
only use the web for that purpose, and get the newest information.
I am really enjoying the theme/design of your website.
Do you ever run into any browser compatibility
issues? A small number of my blog audience have complained about my site not operating correctly in Explorer but looks great
in Safari. Do you have any tips to help fix this issue?
My brother suggested I might like this website. He was entirely right.
This post actually made my day. You can not imagine just how much time I had spent
for this information! Thanks!
If some one desires expert view concerning blogging after that i propose
him/her to pay a quick visit this webpage, Keep up the fastidious job.
Hi there! I just want to give you a big thumbs up for your great info you have right here
on this post. I will be coming back to your web site for more soon.
My family always say that I am killing my time here at net, but I
know I am getting knowledge all the time by reading such pleasant articles.
Hi there, I enjoy reading all of your post.
I like to write a little comment to support you.
Everything is very open with a really clear description of the issues.
It was definitely informative. Your site is very helpful.
Thanks for sharing!
It’s going to be ending of mine day, however before ending I am reading this impressive
paragraph to improve my knowledge.
Thank you for the auspicious writeup. It in fact was a amusement account it.
Look advanced to far added agreeable from you!
By the way, how could we communicate?
My family all the time say that I am wasting my time here at web, except I know I am getting
know-how daily by reading thes good content.
wonderful issues altogether, you just gained a new reader. What would you recommend about your publish that you made
some days ago? Any positive?
Hello There. I found your weblog using msn. That is a really neatly written article.
I will be sure to bookmark it and return to read more of your helpful information. Thanks for the post.
I’ll definitely comeback.
Howdy! I’m at work browsing your blog from my new apple iphone!
Just wanted to say I love reading your blog and look
forward to all your posts! Keep up the outstanding work!
It’s the best time to make a few plans for the long run and it’s time to be happy.
I have learn this put up and if I could I
want to recommend you some attention-grabbing things or advice.
Perhaps you can write subsequent articles regarding this article.
I desire to read more issues about it!
Hi there to every body, it’s my first pay a visit
of this website; this webpage consists of remarkable and truly excellent material designed for visitors.
I enjoy what you guys tend to be up too. Such clever work and exposure!
Keep up the very good works guys I’ve you guys to blogroll.
Greetings from California! I’m bored to tears at work so I decided to browse your site on my iphone during lunch break.
I enjoy the knowledge you provide here and can’t wait to take a look when I get home.
I’m shocked at how fast your blog loaded on my cell phone ..
I’m not even using WIFI, just 3G .. Anyhow,
amazing blog!
It’s truly a great and helpful piece of information. I am glad that you just shared this useful info
with us. Please stay us informed like this. Thanks for sharing.
Hello there! I simply wish to give you a big thumbs up for
the excellent information you’ve got here on this post. I will be returning
to your web site for more soon.
It is appropriate time to make a few plans for the longer term and
it is time to be happy. I have read this post and if I may I want to suggest you
some attention-grabbing issues or tips. Maybe you could write next articles relating to this article.
I want to learn more issues approximately it!
An outstanding share! I have just forwarded this onto a colleague who had been doing a little homework on this.
And he actually ordered me breakfast because I found it for him…
lol. So let me reword this…. Thank YOU for the meal!!
But yeah, thanks for spending time to talk about this matter here on your web page.
Unquestionably believe that which you stated. Your favorite
justification appeared to be on the web the simplest thing to be
aware of. I say to you, I certainly get irked while people think about
worries that they just don’t know about. You managed to hit the nail
upon the top as well as defined out the whole
thing without having side-effects , people can take a signal.
Will likely be back to get more. Thanks
Thanks , I’ve just been looking for information about this subject for a while and
yours is the best I have found out till now. However, what about the bottom line?
Are you certain in regards to the source?
wonderful submit, very informative. I’m wondering why the other experts of this sector
don’t realize this. You must proceed your writing. I am sure, you have a huge readers’ base already!
Very good article. I will be going through
some of these issues as well..
I couldn’t refrain from commenting. Exceptionally well written!
Greetings from California! I’m bored to death at work so I decided to
check out your website on my iphone during lunch break.
I really like the knowledge you provide here and can’t
wait to take a look when I get home. I’m shocked at how fast your blog loaded on my cell phone ..
I’m not even using WIFI, just 3G .. Anyhow, excellent blog!
certainly like your web site but you need to take a
look at the spelling on quite a few of your posts.
Several of them are rife with spelling problems and I in finding it very bothersome to tell
the truth nevertheless I will definitely come back again.
You really make it seem so easy with your presentation but I find this topic to be really
something that I think I would never understand.
It seems too complex and very broad for me. I am looking forward for your next post, I’ll
try to get the hang of it!
Excellent blog here! Also your site loads up very fast! What host are you
using? Can I get your affiliate link to your host? I wish my site loaded up as
fast as yours lol