En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I all the time emailed this webpage post page to all my friends, because if like to read it then my friends will too.
Excellent post. I used to be checking constantly this blog and I am inspired!
Very useful info specifically the last phase :
) I take care of such information a lot. I used to
be looking for this certain info for a long time. Thanks and good
luck.
What’s up it’s me, I am also visiting this web site daily, this web
page is actually good and the viewers are genuinely sharing nice thoughts.
Right now it sounds like WordPress is the best blogging
platform out there right now. (from what I’ve read)
Is that what you’re using on your blog?
Aw, this was an extremely good post. Taking a few
minutes and actual effort to produce a top notch article… but what can I say… I hesitate a whole lot
and never seem to get nearly anything done.
Heya exceptional blog! Does running a blog similar to this require a lot
of work? I’ve very little expertise in computer programming however I had been hoping to start
my own blog in the near future. Anyways, if you have any recommendations or tips for new blog
owners please share. I understand this is off subject
however I just had to ask. Thanks a lot!
Just desire to say your article is as surprising.
The clarity in your post is simply nice and i could assume you
are an expert on this subject. Well with your permission let me to grab your feed to keep up to date with forthcoming
post. Thanks a million and please keep up the gratifying work.
I truly love your website.. Great colors & theme. Did you develop this website yourself?
Please reply back as I’m trying to create my own personal blog and would love
to know where you got this from or exactly what the theme
is named. Appreciate it!
If some one desires expert view on the topic of running a blog after that i suggest
him/her to pay a quick visit this weblog, Keep
up the good work.
Everything is very open with a very clear clarification of the
issues. It was definitely informative. Your website is useful.
Thanks for sharing!
Wow, wonderful weblog structure! How lengthy have you ever been blogging
for? you made blogging glance easy. The overall glance of your website is wonderful, as well as the content!
I really like what you guys are up too. Such clever work and reporting!
Keep up the amazing works guys I’ve added you guys to my own blogroll.
Hmm it looks like your site ate my first comment (it was extremely
long) so I guess I’ll just sum it up what I wrote and say, I’m thoroughly enjoying your blog.
I too am an aspiring blog writer but I’m still new to the whole thing.
Do you have any points for rookie blog writers? I’d genuinely appreciate it.
Howdy! Would you mind if I share your blog with my myspace group?
There’s a lot of folks that I think would really appreciate your content.
Please let me know. Thanks
Heya i am for the first time here. I came across this board and I to find It really helpful & it helped me out a lot.
I hope to present one thing again and aid others like you aided me.
WOW just what I was looking for. Came here by
searching for situs slot online indonesia
Nice blog right here! Also your site a lot up fast!
What web host are you the use of? Can I get your affiliate link for your host?
I want my website loaded up as quickly as yours lol
Very nice post. I just stumbled upon your blog and wished to
say that I have truly enjoyed surfing around your blog posts.
In any case I’ll be subscribing to your rss feed and I
hope you write again soon!
I’m really enjoying the design and layout of your website.
It’s a very easy on the eyes which makes it much more pleasant for me to
come here and visit more often. Did you hire out a designer
to create your theme? Excellent work!
Hello, Neat post. There is a problem with your website in web explorer, may check this?
IE still is the marketplace chief and a huge component to people will omit your excellent
writing due to this problem.
Ahaa, its fastidious dialogue regarding this post
at this place at this weblog, I have read all that, so at this time me also
commenting here.
For hottest information you have to visit web and on web I found this web page as a
finest website for newest updates.
I have read so many articles concerning the blogger lovers
but this piece of writing is in fact a nice article,
keep it up.
It’s enormous that you are getting thoughts from this post as well as from our argument made here.
I love your blog.. very nice colors & theme.
Did you create this website yourself or did you hire someone to do it for you?
Plz answer back as I’m looking to construct my own blog and would like
to know where u got this from. kudos
I just like the valuable information you provide to your articles.
I’ll bookmark your weblog and check again here frequently.
I am reasonably certain I’ll be told many new stuff right right here!
Good luck for the next!
This page really has all the information and facts I wanted about this subject and didn’t know who to
ask.
all the time i used to read smaller articles which as well clear their motive, and that is
also happening with this article which I am reading at this place.
Excellent blog here! Also your site loads up fast! What web host are you using?
Can I get your affiliate link to your host? I wish my web site loaded
up as fast as yours lol
Very quickly this web site will be famous amid
all blog people, due to it’s fastidious posts
constantly i used to read smaller posts which as well clear
their motive, and that is also happening with this piece of writing
which I am reading here.
Unquestionably imagine that that you stated. Your favorite reason appeared to
be on the internet the simplest factor to bear in mind of.
I say to you, I certainly get irked while other folks consider worries that they plainly do not realize about.
You managed to hit the nail upon the highest and
also defined out the whole thing with no need side effect
, other people can take a signal. Will probably be back to get more.
Thank you
Thanks for sharing your thoughts on situs slot online indonesia.
Regards
I do not even know how I ended up here, but I thought this post
was great. I don’t know who you are but certainly you’re going to a famous blogger if you aren’t already ;
) Cheers!
I’m gone to convey my little brother, that he should also pay a quick visit
this webpage on regular basis to get updated from hottest information.
I am sure this article has touched all the internet viewers,
its really really fastidious paragraph on building up new blog.
Yes! Finally something about situs judi slot online.
My family always say that I am killing my time here at web, except I know I am getting familiarity daily
by reading such nice articles or reviews.
Good post. I learn something totally new and challenging on sites
I stumbleupon on a daily basis. It’s always interesting to
read through articles from other authors and use something from their sites.
After looking into a few of the blog articles on your web page, I really like your technique of writing a blog.
I book-marked it to my bookmark site list and will be checking back in the near future.
Please check out my website as well and let me know how you feel.
I all the time used to read post in news papers but now as I am a user of internet
therefore from now I am using net for content, thanks to
web.
Today, while I was at work, my sister stole my apple ipad
and tested to see if it can survive a 40
foot drop, just so she can be a youtube sensation. My apple ipad is now
broken and she has 83 views. I know this is entirely off topic but I had to
share it with someone!
Hello! I know this is somewhat off topic but I was wondering which blog platform are you using for this website?
I’m getting fed up of WordPress because I’ve had issues with hackers
and I’m looking at alternatives for another platform.
I would be fantastic if you could point me in the direction of a good platform.
Right away I am going away to do my breakfast, afterward having my breakfast coming yet again to read further news.
Hey! Do you know if they make any plugins to assist with Search Engine Optimization? I’m trying to get my blog to rank for some targeted keywords but I’m
not seeing very good gains. If you know of any please share.
Appreciate it!
Hmm it appears like your site ate my first comment (it was
extremely long) so I guess I’ll just sum it up
what I had written and say, I’m thoroughly enjoying your blog.
I too am an aspiring blog writer but I’m still new to
everything. Do you have any suggestions for rookie blog writers?
I’d genuinely appreciate it.
I was suggested this web site via my cousin. I’m not positive whether or not this post is
written via him as nobody else understand such detailed about my difficulty.
You are wonderful! Thank you!
This site was… how do I say it? Relevant!!
Finally I’ve found something which helped me.
Thanks a lot!
Hi there! I could have sworn I’ve visited this web
site before but after going through some of the articles I realized
it’s new to me. Nonetheless, I’m definitely pleased I came
across it and I’ll be bookmarking it and checking back frequently!
I absolutely love your blog and find almost all of your
post’s to be what precisely I’m looking for. Would you offer guest writers to write
content to suit your needs? I wouldn’t mind writing a post or elaborating on a lot of the subjects you
write related to here. Again, awesome blog!