En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Hmm it seems like your blog ate my first comment (it was super long)
so I guess I’ll just sum it up what I submitted and say,
I’m thoroughly enjoying your blog. I as
well am an aspiring blog writer but I’m still new to everything.
Do you have any helpful hints for inexperienced blog writers?
I’d certainly appreciate it.
It is not my first time to pay a quick visit this website, i
am visiting this site dailly and get nice facts from here daily.
What’s up every one, here every one is sharing these kinds of experience, thus it’s fastidious to read this webpage,
and I used to pay a visit this weblog all the time.
Amazing! Its truly amazing piece of writing, I have got much clear idea
about from this post.
Good post however , I was wondering if you could write a
litte more on this topic? I’d be very grateful if
you could elaborate a little bit further. Thanks!
It’s genuinely very difficult in this busy life to listen news
on Television, therefore I just use world wide web for that reason, and take the newest information.
Excellent article. Keep writing such kind
of info on your blog. Im really impressed by it.
Hello there, You’ve performed a great job. I’ll certainly digg it and for my part suggest to my
friends. I’m sure they’ll be benefited from this web
site.
Hi, always i used to check weblog posts here in the early
hours in the daylight, for the reason that
i like to gain knowledge of more and more.
Asking questions are genuinely nice thing if you are not understanding
something completely, but this article offers fastidious understanding even.
I must thank you for the efforts you’ve put in writing this blog.
I really hope to see the same high-grade content from you
in the future as well. In truth, your creative writing abilities has inspired me to
get my own website now 😉
Good day! Do you know if they make any plugins to protect against
hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?
Right now it appears like WordPress is the preferred blogging
platform out there right now. (from what I’ve read) Is that what you are using on your blog?
I was curious if you ever considered changing the page layout
of your site? Its very well written; I love what youve got to say.
But maybe you could a little more in the way of content so people could connect with it better.
Youve got an awful lot of text for only having 1 or 2 images.
Maybe you could space it out better?
I just like the valuable information you provide to
your articles. I’ll bookmark your weblog and test again here
regularly. I am reasonably certain I’ll learn many new stuff right right here!
Best of luck for the next!
Fantastic blog! Do you have any helpful hints for
aspiring writers? I’m planning to start my own site
soon but I’m a little lost on everything. Would you suggest starting with
a free platform like WordPress or go for a paid option? There are so many options out there that I’m completely confused ..
Any recommendations? Thanks!
There’s definately a great deal to learn about this topic.
I really like all the points you have made.
Howdy would you mind sharing which blog platform you’re working with?
I’m looking to start my own blog in the near future but I’m having
a hard time making a decision between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your design seems different then most blogs and I’m looking for
something completely unique. P.S
My apologies for being off-topic but I had to ask!
Howdy! Do you use Twitter? I’d like to follow you if that
would be ok. I’m undoubtedly enjoying your blog
and look forward to new updates.
Sweet blog! I found it while searching on Yahoo News.
Do you have any suggestions on how to get listed in Yahoo News?
I’ve been trying for a while but I never seem to get there!
Thank you
Hmm is anyone else experiencing problems with
the images on this blog loading? I’m trying to find out if its a problem on my end
or if it’s the blog. Any feedback would be greatly appreciated.
It’s going to be end of mine day, but before ending I am reading this enormous piece
of writing to improve my experience.
We absolutely love your blog and find the
majority of your post’s to be exactly I’m looking for. can you offer guest
writers to write content for you personally? I wouldn’t mind composing a post or elaborating on some of
the subjects you write with regards to here.
Again, awesome web site!
Can you tell us more about this? I’d want to find out some
additional information.
Piece of writing writing is also a excitement, if you be acquainted with after
that you can write if not it is complicated
to write.
This design is steller! You obviously know how to keep a reader entertained.
Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Fantastic job.
I really enjoyed what you had to say, and more than that, how you presented
it. Too cool!
I used to be suggested this web site via my cousin. I am not
positive whether or not this publish is written by means of him as
no one else know such particular approximately my trouble.
You are wonderful! Thanks!
I am sure this post has touched all the internet viewers,
its really really good piece of writing on building up new
weblog.
of course like your website but you have to check the spelling on quite
a few of your posts. A number of them are rife with spelling issues and I find it
very troublesome to inform the truth on the other hand I will definitely come again again.
I visited multiple sites but the audio feature for
audio songs current at this site is genuinely wonderful.
You need to be a part of a contest for one of the most useful sites on the internet.
I most certainly will highly recommend this website!
With havin so much content do you ever run into any problems of plagorism or copyright infringement?
My blog has a lot of exclusive content I’ve either authored myself
or outsourced but it seems a lot of it is popping it up all over the web without my agreement.
Do you know any techniques to help reduce content from being ripped off?
I’d certainly appreciate it.
Have you ever considered about including a little
bit more than just your articles? I mean, what you say is important and everything.
Nevertheless imagine if you added some great graphics or video clips to give your posts more,
«pop»! Your content is excellent but with images and clips,
this blog could undeniably be one of the greatest in its field.
Fantastic blog!
Quality articles is the important to be a focus for the people to go to
see the website, that’s what this web site is providing.
These are really wonderful ideas in concerning blogging.
You have touched some pleasant factors here. Any way
keep up wrinting.
Thank you, I’ve just been looking for information about this topic
for ages and yours is the greatest I’ve discovered till now.
But, what about the conclusion? Are you positive concerning
the source?
Ahaa, its pleasant discussion regarding this paragraph here at this weblog, I
have read all that, so now me also commenting at this place.
I’m very pleased to find this website. I need to to
thank you for ones time just for this wonderful read!!
I definitely appreciated every bit of it and i also have you saved
to fav to see new information in your blog.
No matter if some one searches for his vital thing,
thus he/she wishes to be available that in detail,
so that thing is maintained over here.
Wonderful article! That is the type of information that are supposed
to be shared around the net. Disgrace on the seek engines
for not positioning this put up upper! Come on over and visit my site .
Thank you =)
Its like you read my mind! You seem to know so much about this, like you wrote the book in it
or something. I think that you could do with a few pics to drive the message home a bit,
but instead of that, this is magnificent blog.
An excellent read. I’ll definitely be back.
Hey there! This post could not be written any better!
Reading through this post reminds me of my old room mate!
He always kept talking about this. I will forward
this page to him. Fairly certain he will have a good read.
Thanks for sharing!
Wonderful site. A lot of useful information here.
I am sending it to some friends ans also sharing in delicious.
And naturally, thanks to your sweat!
It is truly a nice and useful piece of info. I am satisfied that you just shared this useful information with us.
Please stay us informed like this. Thank you for sharing.
Thanks , I have recently been looking for info
approximately this topic for a long time and yours is
the greatest I have came upon till now. However, what concerning the
conclusion? Are you positive concerning the supply?
Right here is the perfect webpage for anybody who wants
to understand this topic. You know so much its almost tough
to argue with you (not that I really will need to…HaHa).
You definitely put a fresh spin on a subject that’s been discussed for a long time.
Wonderful stuff, just wonderful!
Greetings from Ohio! I’m bored to death at work so I decided to check
out your site on my iphone during lunch break.
I really like the info you provide here and can’t wait to take a look when I get home.
I’m shocked at how quick your blog loaded on my cell phone ..
I’m not even using WIFI, just 3G .. Anyhow, excellent blog!
Greetings! Very helpful advice within this article!
It’s the little changes that make the most significant changes.
Many thanks for sharing!
Have you ever considered about adding a little bit more than just your
articles? I mean, what you say is valuable and all.
Nevertheless think about if you added some great pictures or videos
to give your posts more, «pop»! Your content is excellent but with pics and video
clips, this website could definitely be one of the greatest
in its niche. Amazing blog!
Wow! At last I got a webpage from where I be capable of genuinely take valuable information regarding my study and knowledge.
Appreciation to my father who told me about this weblog, this weblog is
truly remarkable.