In the post "Seguridad en una SAN Brocade II – Administración con protocolos inseguros" we saw how to deny access to Brocade switches over the management interface via the insecure protocols TELNET and HTTP. Next we will see how to enable the HTTPS protocol to access the WEB TOOLS tool. The procedure is pieced together from several sources, because the one described in the Fabric OS Admin Guide is not accurate. Below is how it was generated for the core switch of a fabric; the same must be done on the remaining switches:
1.- Log in over SSH, as a user with administrator privileges, to the switch on which HTTPS will be enabled and run the following sequence of commands:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.
core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.
core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copy the CSR file to a server that has the openssl utilities and the Certificate Authority's key/certificate pair ("cacert.pem" and "cakey.pem"). The following command generates, from the CSR file, a certificate that we will import from the switch to enable the HTTPS service:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
In this case a serial number was assigned to each switch (-set_serial) as follows:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –> 10
3.- Import the newly created certificate into the switch:
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
With this, the HTTPS service is up.
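Added example, not part of the original post: the signing command from step 2 wrapped in a script that also checks, before the import in step 3, that the resulting certificate chains to the CA and carries the same public key as the CSR. The CA and the CSR are throwaway stand-ins generated locally (the stand-in CSR uses a 2048-bit key, the larger size the genkey prompt offers), and the function names sign_csr, check_cert and demo are hypothetical.

```shell
#!/bin/sh
# Added example: sign a switch CSR with the CA and check the result before
# importing it. Function names are hypothetical; every key and file below is a
# throwaway stand-in created in a temporary directory.

# Sign CSR $1 with CA certificate $2 and CA key $3, serial $4, output $5.
# Same openssl invocation as in step 2.
sign_csr() {
    openssl x509 -req -days 3650 -in "$1" -CA "$2" -CAkey "$3" \
        -set_serial "$4" -out "$5" 2>/dev/null
}

# Succeed only if certificate $1 chains to CA $2 and holds the public key
# found in CSR $3 (i.e. it belongs to the key pair generated on the switch).
check_cert() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    csr_pub=$(openssl req -in "$3" -noout -pubkey) || return 1
    [ "$cert_pub" = "$csr_pub" ]
}

# Build a stand-in CA and a stand-in for the CSR exported by core1, sign it
# with serial 01, check it, and print the serial of the issued certificate.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1" \
        -keyout "$d/sw.key" -out "$d/192.168.100.1.csr" 2>/dev/null || return 1
    sign_csr "$d/192.168.100.1.csr" "$d/cacert.pem" "$d/cakey.pem" 01 \
        "$d/192.168.100.1.pem" || return 1
    check_cert "$d/192.168.100.1.pem" "$d/cacert.pem" \
        "$d/192.168.100.1.csr" || return 1
    serial=$(openssl x509 -in "$d/192.168.100.1.pem" -noout -serial)
    rm -rf "$d"
    echo "$serial"
}

demo
```

With the real files, only sign_csr and check_cert are needed; a failing check_cert means the .pem should not be imported on that switch.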