En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Greetings! Very useful advice within this article!
It is the little changes that produce the greatest changes.
Thanks a lot for sharing!
My spouse and I stumbled over here by a different website and thought I may as well check things out.
I like what I see so now i am following you. Look forward to looking over your web page repeatedly.
Hello it’s me, I am also visiting this web page daily, this website
is genuinely fastidious and the people are actually sharing nice thoughts.
Hi! This post couldn’t be written any better! Reading through this post reminds me of my previous room mate!
He always kept chatting about this. I will forward this page to him.
Pretty sure he will have a good read. Thank you for sharing!
Usually I don’t learn article on blogs, but I would like to say that this write-up very forced me to
take a look at and do it! Your writing taste has been surprised me.
Thank you, quite great post.
This article is really a fastidious one it assists new net
users, who are wishing for blogging.
With havin so much written content do you ever run into any issues of plagorism or copyright
violation? My blog has a lot of completely unique content I’ve either created
myself or outsourced but it looks like a lot
of it is popping it up all over the web without
my permission. Do you know any techniques to help prevent content from being ripped off?
I’d genuinely appreciate it.
Hi! I just wanted to ask if you ever have any problems with hackers?
My last blog (wordpress) was hacked and I ended up losing many months of
hard work due to no backup. Do you have any solutions to stop hackers?
I think that is one of the most vital information for me.
And i’m glad studying your article. But should commentary on some common things,
The website taste is wonderful, the articles is actually great : D.
Good activity, cheers
It’s nearly impossible to find experienced people on this topic, but you seem like you know what you’re talking about!
Thanks
Amazing blog! Do you have any suggestions for aspiring writers?
I’m hoping to start my own blog soon but I’m a little lost on everything.
Would you propose starting with a free platform like WordPress
or go for a paid option? There are so many choices out there that I’m totally confused ..
Any suggestions? Thank you!
Why users still make use of to read news papers
when in this technological globe everything is existing on net?
An impressive share! I’ve just forwarded this onto a
co-worker who has been conducting a little homework on this.
And he actually bought me lunch due to the fact
that I stumbled upon it for him… lol. So allow me to reword
this…. Thanks for the meal!! But yeah, thanks for spending some time to discuss
this matter here on your web page.
It’s an remarkable piece of writing in support of all the online visitors; they will
take advantage from it I am sure.
Nice blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple adjustements would really
make my blog shine. Please let me know where you got your
theme. Kudos
Fantastic beat ! I would like to apprentice while you amend your site,
how can i subscribe for a blog website? The account aided
me a applicable deal. I were a little bit acquainted of this
your broadcast provided vibrant transparent idea
Heya! I’m at work surfing around your blog from my new iphone!
Just wanted to say I love reading your blog and look forward to all your posts!
Carry on the excellent work!
If you are going for finest contents like I do, only pay a visit this site all the time since it gives quality contents,
thanks
My partner and I stumbled over here from a different web address and thought I should check
things out. I like what I see so now i’m following you.
Look forward to exploring your web page yet again.
wonderful points altogether, you just gained a new reader.
What might you suggest about your publish that you
simply made some days in the past? Any sure?
Just desire to say your article is as surprising.
The clearness in your post is just spectacular and i can assume you are
an expert on this subject. Fine with your permission allow me
to grab your feed to keep up to date with forthcoming post.
Thanks a million and please carry on the gratifying work.
Hello, i think that i saw you visited my website thus i got here to go back the choose?.I am trying to
to find issues to improve my web site!I suppose its ok to make use of some of your ideas!!
This blog was… how do I say it? Relevant!! Finally I’ve found something which helped me.
Kudos!
Good write-up. I definitely love this site. Keep writing!
Hey there! This is kind of off topic but I need some advice from an established
blog. Is it hard to set up your own blog? I’m not very techincal but I can figure things out pretty fast.
I’m thinking about setting up my own but I’m not sure
where to begin. Do you have any points or suggestions?
Many thanks
Hi there! I just wanted to ask if you ever have any issues
with hackers? My last blog (wordpress) was hacked and I ended up losing
many months of hard work due to no backup. Do you have any methods to prevent hackers?
I’m gone to inform my little brother, that he should also pay
a quick visit this weblog on regular basis to obtain updated from hottest news update.
Hi, Neat post. There is a problem together with your web site in internet explorer, would test this?
IE nonetheless is the market leader and a
good portion of other folks will leave out your great writing due to this problem.
Hi there friends, how is everything, and what you wish for to say about
this article, in my view its truly amazing for me.
It’s truly very difficult in this full of activity life to listen news
on TV, thus I just use world wide web for that purpose, and take the
most up-to-date information.
I was very pleased to find this great site. I need to to thank
you for your time due to this wonderful read!! I definitely enjoyed every part of it and I have you saved to fav to
look at new stuff in your site.
Thank you for sharing your thoughts. I really appreciate your efforts and I will be
waiting for your further post thank you once again.
Hello there, just became alert to your blog through Google,
and found that it’s truly informative. I am gonna watch out for brussels.
I will appreciate if you continue this in future. Lots of people will be
benefited from your writing. Cheers!
of course like your web-site however you have to test the spelling on several of your posts.
Many of them are rife with spelling problems and I find it very troublesome to inform the truth then again I’ll certainly come again again.
Definitely believe that which you stated. Your favorite justification appeared to
be on the net the easiest thing to be aware of.
I say to you, I certainly get annoyed while people think about worries that they just do not know about.
You managed to hit the nail upon the top as well as defined out the whole thing without having side effect , people can take a signal.
Will likely be back to get more. Thanks
Hey are using WordPress for your blog platform?
I’m new to the blog world but I’m trying to get started and create my own. Do you need any html coding expertise to make
your own blog? Any help would be greatly appreciated!
Nice blog right here! Additionally your web site
rather a lot up fast! What web host are you the usage of?
Can I get your affiliate hyperlink for your host?
I wish my website loaded up as fast as yours lol
What’s up colleagues, nice paragraph and pleasant arguments
commented here, I am really enjoying by these.
It’s wonderful that you are getting ideas from this paragraph as well as from
our dialogue made at this time.
excellent publish, very informative. I ponder why the opposite specialists of this
sector don’t understand this. You must continue your writing.
I am confident, you have a great readers’ base already!
Please let me know if you’re looking for a writer for
your site. You have some really good posts and I feel I would be a good asset.
If you ever want to take some of the load off, I’d absolutely love to write some articles for your blog in exchange for a link
back to mine. Please send me an email if interested. Kudos!
I am truly delighted to read this website posts which consists of tons of useful
data, thanks for providing these statistics.
Marvelous, what a webpage it is! This webpage provides helpful
data to us, keep it up.
It’s in point of fact a great and useful piece of info. I am happy
that you just shared this helpful info with us. Please keep us informed like this.
Thanks for sharing.
It’s very easy to find out any topic on net as compared
to textbooks, as I found this post at this web
page.
Wow, awesome blog layout! How long have you been blogging for?
you made blogging look easy. The overall look of
your site is magnificent, as well as the content!
Magnificent beat ! I wish to apprentice while you amend your site, how could i subscribe for a weblog site?
The account helped me a appropriate deal. I were a little bit acquainted of this your broadcast provided vibrant clear
idea
Thanks for finally writing about > Seguridad en una SAN Brocade
III – Activar administración por HTTPS | Almacenamiento
Abierto < Liked it!
Thanks for sharing such a fastidious thinking, post
is fastidious, thats why i have read it fully
If you are going for finest contents like I do, only pay a
visit this site all the time as it offers quality contents, thanks