En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Spot on with this write-up, I absolutely believe that this website needs far more attention. I’ll probably be returning to see more, thanks for the information!
Hello i am kavin, its my first occasion to commenting anywhere, when i read
this post i thought i could also create comment due to
this sensible article.
Thanks , I’ve just been searching for info approximately this subject for ages and yours is
the best I’ve discovered so far. However,
what concerning the bottom line? Are you sure concerning the source?
First off I want to say superb blog! I had a quick
question that I’d like to ask if you do not mind. I was interested to find out
how you center yourself and clear your thoughts before writing.
I have had a hard time clearing my thoughts in getting my ideas out there.
I do take pleasure in writing however it just seems
like the first 10 to 15 minutes are lost just trying to figure out how to begin. Any
recommendations or tips? Thanks!
I’m impressed, I must say. Seldom do I come across a blog that’s equally educative
and interesting, and without a doubt, you’ve hit the nail on the head.
The problem is something not enough men and women are speaking intelligently about.
I’m very happy I stumbled across this in my search for something relating
to this.
Yes! Finally something about situs judi slot online.
We are a group of volunteers and starting a new scheme in our community.
Your site provided us with valuable info to work on. You’ve done an impressive
job and our entire community will be grateful to you.
What’s up mates, nice post and pleasant urging commented here, I am actually enjoying
by these.
Hi there, just became alert to your blog through Google, and found that it’s really informative.
I am gonna watch out for brussels. I will be grateful if you continue this in future.
Lots of people will be benefited from your writing. Cheers!
Howdy! This post could not be written any
better! Looking through this post reminds me of my previous roommate!
He always kept talking about this. I most certainly will forward this article to him.
Pretty sure he will have a very good read. Thanks for sharing!
Definitely believe that which you stated. Your favorite reason seemed to be on the net the easiest thing to be aware of.
I say to you, I definitely get annoyed while people consider worries
that they just don’t know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side-effects , people can take a signal.
Will likely be back to get more. Thanks
I really like reading through an article that can make men and
women think. Also, many thanks for allowing for me to comment!
I am genuinely thankful to the holder of this web site who has shared this impressive article at
here.
Good post! We are linking to this particularly great article on our website.
Keep up the good writing.
What i don’t realize is in truth how you’re no longer actually a
lot more smartly-liked than you may be now. You’re so intelligent.
You recognize therefore considerably when it comes to this topic, produced me in my view believe it from so many numerous
angles. Its like women and men aren’t involved until it is
one thing to accomplish with Girl gaga! Your individual stuffs great.
All the time deal with it up!
Good way of telling, and nice piece of writing to obtain facts regarding
my presentation topic, which i am going to present in college.
I read this paragraph fully concerning the difference of most recent and previous
technologies, it’s awesome article.
Hey there, You’ve done a fantastic job. I’ll
certainly digg it and personally recommend to my friends.
I am confident they will be benefited from this site.
What’s up to all, how is the whole thing, I think every one is getting more from this web site, and your views are pleasant in favor of new viewers.
Thank you for every other informative website.
Where else may just I am getting that kind of information written in such a perfect means?
I have a challenge that I am just now operating on, and I’ve been at the glance out for such info.
I visited many web pages but the audio feature for audio songs present at this website is in fact wonderful.
I quite like reading through an article that will make men and women think.
Also, thanks for allowing me to comment!
Hurrah, that’s what I was looking for, what a information! present here at this web site, thanks admin of this site.
Unquestionably consider that that you said. Your favourite justification seemed to be on the internet the easiest
thing to understand of. I say to you, I certainly get
irked while people consider concerns that they just do not recognise about.
You managed to hit the nail upon the top and defined out the entire thing with no need side effect , other folks can take a signal.
Will likely be back to get more. Thanks
Hello there I am so glad I found your web site, I really found you
by mistake, while I was browsing on Bing for something else,
Nonetheless I am here now and would just like to say
many thanks for a remarkable post and a all round thrilling blog (I also love the theme/design), I don’t
have time to browse it all at the minute but I have bookmarked it
and also included your RSS feeds, so when I have time I will be back to read more, Please do
keep up the awesome jo.
Good post. I learn something new and challenging on blogs
I stumbleupon on a daily basis. It’s always interesting to
read through content from other authors and use
something from other websites.
You could certainly see your skills within the article you write.
The arena hopes for more passionate writers such as you who are not afraid to mention how they believe.
At all times go after your heart.
I savor, cause I found exactly what I was having a look for.
You’ve ended my four day lengthy hunt! God
Bless you man. Have a nice day. Bye
This information is invaluable. How can I find out more?
Hi, I do believe this is a great web site. I stumbledupon it 😉 I’m going to come back yet again since I book-marked it.
Money and freedom is the best way to change, may you be rich and continue to help others.
Highly energetic article, I enjoyed that a lot.
Will there be a part 2?
It’s the best time to make a few plans for the longer term and it is time to be happy.
I’ve read this put up and if I may just I desire to recommend you few attention-grabbing things
or advice. Maybe you can write next articles relating
to this article. I wish to learn more things approximately
it!
Hi colleagues, its impressive piece of writing concerning teachingand completely defined, keep it up all the
time.
I like reading a post that can make people think.
Also, thanks for permitting me to comment!
Does your site have a contact page? I’m having trouble locating it but, I’d like to send you an e-mail.
I’ve got some creative ideas for your blog you might
be interested in hearing. Either way, great site and I look forward to seeing it grow over time.
I really like what you guys are up too. Such clever work and coverage!
Keep up the superb works guys I’ve added you guys to blogroll.
My developer is trying to persuade me to move to .net from PHP.
I have always disliked the idea because of the expenses.
But he’s tryiong none the less. I’ve been using Movable-type on a variety of websites for about
a year and am worried about switching to another platform.
I have heard good things about blogengine.net.
Is there a way I can transfer all my wordpress content into
it? Any kind of help would be really appreciated!
bookmarked!!, I love your blog!
I am extremely impressed with your writing skills as well as with
the layout on your weblog. Is this a paid theme or did you
customize it yourself? Either way keep up the excellent quality writing, it is
rare to see a nice blog like this one these days.
Very nice article, just what I was looking for.
I am really loving the theme/design of your site.
Do you ever run into any internet browser compatibility issues?
A number of my blog audience have complained about my website not
operating correctly in Explorer but looks great in Chrome. Do you have
any ideas to help fix this problem?
I’m not sure exactly why but this web site is loading incredibly slow for me.
Is anyone else having this problem or is it a problem on my end?
I’ll check back later and see if the problem still exists.
What i do not realize is if truth be told how you are now not actually much more well-liked than you might be now.
You are very intelligent. You know thus considerably on the
subject of this subject, made me personally believe it from a lot
of varied angles. Its like men and women are not interested until it is something to do with Lady gaga!
Your own stuffs outstanding. At all times deal with it up!
I am not sure where you are getting your information, but good topic.
I needs to spend some time learning much more or understanding more.
Thanks for magnificent info I was looking for this information for my mission.
Hi there, I discovered your blog by way of Google whilst looking
for a related topic, your website got here up, it appears to be like good.
I have bookmarked it in my google bookmarks.
Hi there, simply become alert to your weblog through Google, and found that
it is truly informative. I am gonna watch out for brussels.
I will be grateful in case you proceed this in future.
Numerous other folks can be benefited from your writing.
Cheers!
Hello to all, how is the whole thing, I think every one is
getting more from this site, and your views are nice for new people.
I’m really impressed with your writing skills and also with the format on your blog.
Is this a paid theme or did you modify it yourself?
Anyway stay up the nice quality writing, it’s uncommon to peer a great blog like this
one these days..
I think the admin of this site is actually working hard in support
of his website, for the reason that here every material is quality
based material.
Hurrah, that’s what I was looking for, what a information! existing here
at this web site, thanks admin of this web page.
What’s up mates, pleasant post and pleasant urging commented at this place,
I am actually enjoying by these.