En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Hurrah, that’s what I was looking for, what a data!
existing here at this website, thanks admin of this web page.
I go to see daily a few web pages and sites to read content, except this webpage presents feature based posts.
Everyone loves it whenever people get together and share opinions.
Great blog, keep it up!
Somebody necessarily assist to make seriously posts I’d
state. This is the first time I frequented your website page and so far?
I surprised with the analysis you made to make this particular put up amazing.
Great task!
I all the time emailed this blog post page to all my associates, for the reason that if like to read it then my links will too.
Hello! I know this is somewhat off topic but I was wondering which blog platform are you using for this site?
I’m getting sick and tired of WordPress because I’ve had issues with
hackers and I’m looking at options for another platform. I would be great if you could point me in the direction of a good platform.
What’s up, of course this piece of writing is actually nice and I have learned lot of
things from it on the topic of blogging. thanks.
Hi! Someone in my Facebook group shared this website with us so I came to give it a look.
I’m definitely loving the information. I’m book-marking and will be tweeting this to my followers!
Terrific blog and terrific design.
Hi there just wanted to give you a brief heads up and let
you know a few of the pictures aren’t loading properly.
I’m not sure why but I think its a linking issue. I’ve tried it
in two different browsers and both show the same results.
Hi, i think that i saw you visited my weblog so i got here to return the prefer?.I’m attempting
to in finding things to improve my web site!I suppose its good enough to
use some of your ideas!!
Very descriptive post, I liked that bit. Will there
be a part 2?
Hey there! I’ve been following your blog for a long time now and finally got the courage to go ahead and give you
a shout out from Austin Texas! Just wanted to mention keep up the excellent work!
Piece of writing writing is also a fun, if you be acquainted with then you can write or else it is difficult to write.
Pretty nice post. I simply stumbled upon your blog and
wanted to say that I have truly loved surfing around your blog posts.
In any case I will be subscribing to your feed and I’m
hoping you write again very soon!
Hi there to every body, it’s my first visit of this blog; this webpage consists of amazing
and actually good information in favor of readers.
Hello There. I found your blog using msn. This is a really well written article.
I will be sure to bookmark it and come back to read more of your useful info.
Thanks for the post. I’ll certainly comeback.
Hello there! This post could not be written any better!
Reading this post reminds me of my old room mate!
He always kept talking about this. I will forward this page to him.
Fairly certain he will have a good read. Many thanks for
sharing!
I was recommended this website by way of my cousin. I’m not
positive whether or not this publish is written by means of
him as nobody else understand such certain about my trouble.
You’re amazing! Thanks!
We’re a group of volunteers and starting a new scheme in our community.
Your site offered us with valuable information to work on. You’ve done an impressive job and our whole community will be thankful to you.
It’s going to be finish of mine day, however before
end I am reading this wonderful paragraph to improve my knowledge.
Excellent blog! Do you have any tips and hints for aspiring writers?
I’m hoping to start my own blog soon but I’m a little lost
on everything. Would you advise starting with a free platform like WordPress or go
for a paid option? There are so many choices out there that I’m completely confused ..
Any recommendations? Bless you!
I do believe all of the ideas you’ve offered in your post. They’re very convincing and can certainly
work. Still, the posts are very brief for newbies.
Could you please lengthen them a bit from next time? Thanks for the
post.
No matter if some one searches for his essential thing, thus he/she needs to be available that in detail, therefore
that thing is maintained over here.
What’s up Dear, are you genuinely visiting this site regularly, if
so afterward you will without doubt take nice experience.
Hey just wanted to give you a brief heads up and let you
know a few of the images aren’t loading correctly.
I’m not sure why but I think its a linking issue. I’ve tried it in two different internet browsers and both show the same outcome.
I visited multiple web sites but the audio quality for audio
songs present at this website is genuinely excellent.
Highly descriptive article, I loved that a lot. Will there be a
part 2?
Hmm is anyone else encountering problems with the images on this blog loading?
I’m trying to find out if its a problem on my end or if it’s
the blog. Any feedback would be greatly appreciated.
My family every time say that I am wasting my time here
at net, except I know I am getting experience every day by reading such pleasant content.
This is really interesting, You are a very skilled blogger.
I have joined your feed and look forward to seeking more of your excellent post.
Also, I have shared your website in my social networks!
Good way of explaining, and fastidious article to take
facts concerning my presentation focus, which i am going to convey in university.
This information is invaluable. When can I find out more?
You need to be a part of a contest for one of the best sites online.
I’m going to highly recommend this web site!
Very good article. I am dealing with some of these issues as well..
First off I want to say wonderful blog! I had a quick question in which I’d like to
ask if you don’t mind. I was curious to know how you center yourself and clear your
thoughts prior to writing. I have had a difficult time clearing
my thoughts in getting my thoughts out. I truly do
take pleasure in writing but it just seems like the first 10 to
15 minutes are lost simply just trying to figure out how to begin. Any suggestions or hints?
Thank you!
Thanks for sharing your thoughts about slot deposit pulsa tanpa potongan.
Regards
Hello, i think that i noticed you visited my website
thus i came to go back the choose?.I’m attempting to find
issues to improve my website!I assume its adequate to make
use of some of your concepts!!
Pretty! This was a really wonderful post. Many thanks for providing this info.
Hello there! This post could not be written any better! Reading
this post reminds me of my old room mate! He always kept chatting
about this. I will forward this article to him.
Fairly certain he will have a good read.
Thank you for sharing!
You ought to take part in a contest for one of the greatest blogs on the internet.
I will recommend this website!
It’s perfect time to make some plans for the future and it’s time to be happy.
I’ve read this post and if I could I desire to suggest you few interesting things or suggestions.
Maybe you can write next articles referring to this article.
I wish to read more things about it!
Pretty nice post. I simply stumbled upon your blog and wanted to mention that I’ve really enjoyed
browsing your weblog posts. In any case I’ll be subscribing to your rss feed and I am hoping you write once more very soon!
I always emailed this web site post page to all my associates, because
if like to read it afterward my friends will too.
Excellent post. I was checking constantly this blog and I am impressed!
Extremely helpful info specifically the last part 🙂 I care for
such info much. I was seeking this particular information for a long time.
Thank you and good luck.
I’m amazed, I must say. Seldom do I encounter a blog that’s both equally educative and engaging, and let me tell you, you have
hit the nail on the head. The problem is an issue that too few folks are
speaking intelligently about. Now i’m very happy I found this during my hunt for something regarding this.
Thank you, I’ve recently been looking for information about
this subject for a long time and yours is the best I
have discovered till now. But, what in regards to the conclusion? Are you positive about the source?
I blog frequently and I really appreciate your content.
This article has truly peaked my interest. I am going to
bookmark your site and keep checking for new details about once a week.
I subscribed to your RSS feed too.
Unquestionably imagine that that you stated. Your favorite justification appeared to be at the net the simplest factor
to be mindful of. I say to you, I certainly get annoyed while other people consider concerns that they just don’t understand about.
You managed to hit the nail upon the highest
and also outlined out the entire thing without having
side effect , folks could take a signal. Will likely be again to get more.
Thank you
Does your blog have a contact page? I’m having a tough time locating it but, I’d like to send you an e-mail.
I’ve got some recommendations for your blog you might be interested in hearing.
Either way, great website and I look forward to seeing it expand over time.
This article will help the internet visitors for setting up new webpage or even a blog
from start to end.