En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Hi mates, good article and good urging commented here, I
am really enjoying by these.
Hello There. I discovered your blog the use of msn. This is a really smartly written article.
I’ll be sure to bookmark it and come back to learn extra of your useful info.
Thank you for the post. I’ll certainly comeback.
This is a great tip particularly to those new to the blogosphere.
Simple but very accurate information… Many thanks for sharing this one.
A must read article!
Heya! I realize this is sort of off-topic however I needed to ask.
Does running a well-established website like yours take a lot of work?
I’m brand new to running a blog however I do write in my diary everyday.
I’d like to start a blog so I will be able to share my experience
and views online. Please let me know if you have any recommendations or tips
for new aspiring blog owners. Thankyou!
I got this web site from my pal who informed me on the topic of
this web site and at the moment this time I am visiting this
site and reading very informative articles here.
It’s actually a cool and useful piece of info. I am
glad that you just shared this helpful information with us.
Please stay us informed like this. Thanks for sharing.
Link exchange is nothing else however it is just placing the other person’s blog link on your page at proper place
and other person will also do similar in support of you.
Hello, I desire to subscribe for this web site to take most
recent updates, so where can i do it please help out.
Thanks for finally writing about > Seguridad en una SAN Brocade III – Activar administración por HTTPS | Almacenamiento Abierto < Liked it!
I was recommended this blog by my cousin. I am not sure whether this post is written by him as no one else know such detailed about my trouble.
You’re amazing! Thanks!
I got this website from my friend who told me concerning this website and
at the moment this time I am visiting this web site and reading very informative posts at this time.
Hi there to all, the contents existing at this website are really awesome
for people experience, well, keep up the good work fellows.
I really like it whenever people come together and share ideas.
Great blog, stick with it!
If some one wishes to be updated with most recent
technologies therefore he must be visit this website and be up
to date all the time.
Good day! I know this is somewhat off topic but
I was wondering if you knew where I could get a captcha
plugin for my comment form? I’m using the same blog platform as yours and I’m having difficulty finding
one? Thanks a lot!
I like the helpful info you provide in your articles. I will bookmark your blog and check again here regularly.
I am quite sure I’ll learn plenty of new stuff right here!
Good luck for the next!
Heya! I know this is sort of off-topic however I needed
to ask. Does building a well-established website such as yours take a lot of work?
I am completely new to writing a blog however
I do write in my journal every day. I’d like to start a blog so I can easily share my own experience and views online.
Please let me know if you have any recommendations or tips for
new aspiring bloggers. Thankyou!
My spouse and I absolutely love your blog and find a lot of your post’s to
be precisely what I’m looking for. Does one offer guest writers to write content in your
case? I wouldn’t mind composing a post or elaborating on most of the
subjects you write related to here. Again, awesome weblog!
I am curious to find out what blog platform you’re using? I’m
having some minor security problems with my latest blog and I would like to find
something more secure. Do you have any recommendations?
I used to be recommended this blog by means of my cousin. I am no longer sure whether or
not this publish is written via him as no one else understand such exact
approximately my trouble. You are wonderful! Thanks!
You could definitely see your skills within the work you write.
The sector hopes for even more passionate writers such as you
who aren’t afraid to mention how they believe. All the time go after your heart.
Hi there! This is my 1st comment here so I just wanted
to give a quick shout out and say I genuinely enjoy reading through your blog
posts. Can you recommend any other blogs/websites/forums that deal with the same topics?
Thank you!
Why people still use to read news papers when in this technological world everything is accessible on web?
Thank you for the auspicious writeup. It in fact was a entertainment account
it. Look complicated to more delivered agreeable from you!
However, how could we be in contact?
You could certainly see your skills in the work you write.
The arena hopes for more passionate writers like you who are not afraid to say how they believe.
At all times follow your heart.
We are a group of volunteers and starting a new scheme
in our community. Your site provided us with valuable info to work
on. You’ve done an impressive job and our entire community will be thankful to you.
First off I want to say superb blog! I had a quick question in which I’d like to ask if you don’t mind.
I was curious to know how you center yourself and clear
your thoughts prior to writing. I have had a difficult time
clearing my mind in getting my ideas out. I truly do enjoy writing
but it just seems like the first 10 to 15 minutes are wasted just trying to figure out how to
begin. Any suggestions or hints? Appreciate it!
I’d like to find out more? I’d care to find out more details.
Excellent post. I was checking continuously this blog and I’m impressed!
Extremely useful information specially the last part 🙂 I care for such info a
lot. I was looking for this certain information for a long time.
Thank you and good luck.
I am genuinely thankful to the holder of this web page who has shared
this impressive article at at this time.
Hey there, You’ve done an excellent job. I’ll definitely digg it
and personally suggest to my friends. I am sure they’ll be benefited
from this site.
Currently it sounds like Expression Engine is the best blogging platform
out there right now. (from what I’ve read) Is that what you’re using on your blog?
I got this web page from my friend who told me concerning this website and at the moment this time I am browsing this web page and reading very informative
articles at this time.
I’m really inspired together with your writing talents as smartly as with the
format for your weblog. Is that this a paid subject matter
or did you customize it your self? Either way keep up the
nice quality writing, it’s rare to peer a nice blog like this
one these days..
I do not know whether it’s just me or if everybody else encountering
issues with your blog. It appears as if some of the text in your content
are running off the screen. Can somebody else please provide feedback and let me know if this is happening to them too?
This might be a problem with my web browser because I’ve had this happen previously.
Cheers
Excellent beat ! I wish to apprentice even as you amend your website, how can i subscribe
for a blog site? The account aided me a acceptable deal. I were a little bit acquainted of this your broadcast provided vibrant transparent concept
Thank you for some other wonderful article. Where else
may anybody get that kind of info in such a perfect method of
writing? I’ve a presentation subsequent week,
and I’m on the search for such information.
Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point.
You obviously know what youre talking about, why waste your intelligence on just
posting videos to your weblog when you could be giving us
something informative to read?
What’s up colleagues, nice piece of writing and pleasant arguments commented at this
place, I am truly enjoying by these.
I do not even know how I ended up here, but I thought this post was
great. I do not know who you are but certainly you are going to a
famous blogger if you are not already 😉 Cheers!
Hi! Quick question that’s totally off topic. Do you know
how to make your site mobile friendly? My weblog looks weird when viewing from my iphone4.
I’m trying to find a theme or plugin that might be able to correct this problem.
If you have any recommendations, please share. Many thanks!
You need to be a part of a contest for one
of the highest quality sites on the internet. I’m going to recommend this site!
Fabulous, what a website it is! This website presents helpful data to us, keep it up.
Very good information. Lucky me I found your website by chance (stumbleupon).
I have bookmarked it for later!
Hi there, its fastidious paragraph about media print, we all
be aware of media is a enormous source of information.
Very rapidly this web page will be famous among all blog users, due to it’s good articles or reviews
Hurrah, that’s what I was exploring for, what a stuff! existing here at this
web site, thanks admin of this web page.
I all the time used to read article in news papers but now as
I am a user of net thus from now I am using net for articles, thanks to web.
Hi there i am kavin, its my first occasion to commenting anywhere, when i read this piece of writing i
thought i could also make comment due to this good post.
I all the time used to read paragraph in news papers but now as I am a user of internet
therefore from now I am using net for content, thanks to web.