En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I’d like to find out more? I’d care to find out some additional information.
This site was… how do I say it? Relevant!! Finally
I’ve found something which helped me. Kudos!
Good blog you have got here.. It’s difficult to find high quality writing like yours
these days. I really appreciate individuals like you!
Take care!!
Hello, i believe that i saw you visited my weblog
thus i came to go back the want?.I am trying to to find issues to
improve my site!I suppose its ok to make use of some of your concepts!!
Here is my site … slot via pulsa
Today, I went to the beach with my kids. I found a sea shell and gave it to my 4 year
old daughter and said «You can hear the ocean if you put this to your ear.» She put the shell to her ear and screamed.
There was a hermit crab inside and it pinched her ear.
She never wants to go back! LoL I know this is totally off topic
but I had to tell someone!
Excellent website. Plenty of useful information here.
I am sending it to several buddies ans additionally
sharing in delicious. And obviously, thank you on your effort!
my web page; situs judi poker online
Ahaa, its good discussion about this article at this place at this web
site, I have read all that, so now me also commenting here.
When I originally left a comment I seem to have clicked the -Notify me when new comments are
added- checkbox and from now on whenever a comment is added I receive 4 emails with the same
comment. Is there a way you are able to remove
me from that service? Appreciate it!
Great weblog here! Additionally your web site rather a lot up fast!
What host are you the usage of? Can I am getting your affiliate hyperlink on your host?
I want my site loaded up as fast as yours lol
Link exchange is nothing else but it is only placing the
other person’s weblog link on your page at proper place and other person will also
do same for you.
Hi! Would you mind if I share your blog with my facebook group?
There’s a lot of folks that I think would really enjoy your content.
Please let me know. Many thanks
I have been exploring for a little for any high quality articles or blog posts in this sort of
house . Exploring in Yahoo I finally stumbled upon this site.
Studying this information So i am satisfied to express
that I have a very excellent uncanny feeling I found out just what I needed.
I such a lot for sure will make sure to don?t disregard this web site and give it a glance on a constant basis.
you are in point of fact a excellent webmaster.
The web site loading speed is incredible. It kind of feels
that you are doing any unique trick. Furthermore, The contents are masterwork.
you have performed a magnificent activity on this matter!
Hi! I’ve been reading your site for some time now and finally got
the bravery to go ahead and give you a shout out from Houston Tx!
Just wanted to tell you keep up the fantastic work!
my web site slot pakai pulsa
What’s Going down i’m new to this, I stumbled upon this I’ve discovered It absolutely useful and it has aided
me out loads. I am hoping to give a contribution & help different customers like its helped me.
Great job.
Hey there, I think your blog might be having browser compatibility issues.
When I look at your blog in Chrome, it looks fine but when opening
in Internet Explorer, it has some overlapping.
I just wanted to give you a quick heads up! Other then that, excellent blog!
Fantastic blog you have here but I was curious if you knew of any message boards that
cover the same topics talked about here?
I’d really love to be a part of online community where I can get
suggestions from other knowledgeable people that
share the same interest. If you have any suggestions,
please let me know. Many thanks!
Wonderful items from you, man. I have be mindful your stuff prior to and you’re just extremely wonderful.
I really like what you have obtained right here, certainly like what you’re stating and the
way through which you assert it. You make it entertaining and you continue to care for
to stay it wise. I can’t wait to learn far more from you.
This is actually a tremendous web site.
It’s really very complicated in this full of activity life to listen news on Television, so I just use web for
that reason, and obtain the hottest news.
Hey there this is kind of of off topic but I was wanting to
know if blogs use WYSIWYG editors or if you have
to manually code with HTML. I’m starting a blog soon but have
no coding expertise so I wanted to get advice from someone with experience.
Any help would be enormously appreciated!
When someone writes an piece of writing he/she maintains the thought of a user in his/her mind that how a user
can understand it. Thus that’s why this post is outstdanding.
Thanks!
My blog – judi via pulsa
I constantly spent my half an hour to read this blog’s articles all the time along with a mug of coffee.
Feel free to visit my page judi sabung ayam online
I was able to find good information from your blog articles.
Does your blog have a contact page? I’m having trouble locating it but, I’d like to send you an e-mail.
I’ve got some ideas for your blog you might be interested in hearing.
Either way, great blog and I look forward
to seeing it improve over time.
It’s really very complicated in this busy life to listen news on TV, therefore
I only use the web for that reason, and get the hottest news.
Also visit my web-site … slot via pulsa
Your style is really unique compared to other people I have read stuff from.
I appreciate you for posting when you have the opportunity, Guess I’ll just book mark
this page.
I am sure this article has touched all the internet visitors, its really really good paragraph on building up new webpage.
Hey! I’m at work browsing your blog from my new apple iphone!
Just wanted to say I love reading your blog and look
forward to all your posts! Carry on the outstanding work!
Thanks for finally writing about > Seguridad en una
SAN Brocade III – Activar administración por HTTPS | Almacenamiento Abierto < Loved it!
After looking at a number of the blog posts on your blog, I honestly appreciate your technique of blogging.
I saved it to my bookmark website list and
will be checking back in the near future. Please visit my website as well and let me know what you think.
Have you ever thought about adding a little bit more than just your articles?
I mean, what you say is important and everything. Nevertheless
imagine if you added some great photos or video clips to give your posts more, «pop»!
Your content is excellent but with pics and clips,
this website could certainly be one of the greatest in its niche.
Good blog!
I am really grateful to the owner of this site who has shared this great paragraph
at here.
I am really enjoying the theme/design of your site. Do you
ever run into any internet browser compatibility
problems? A number of my blog readers have complained about my site not working correctly in Explorer but looks great in Safari.
Do you have any solutions to help fix this issue?
Superb blog! Do you have any suggestions for aspiring writers?
I’m hoping to start my own site soon but I’m a little
lost on everything. Would you recommend starting with a free platform like WordPress or go for a paid
option? There are so many options out there that I’m totally overwhelmed ..
Any suggestions? Thanks!
Wonderful goods from you, man. I’ve understand your stuff previous to and you are just
too magnificent. I really like what you’ve acquired here, really like what you’re stating
and the way in which you say it. You make it entertaining and
you still care for to keep it sensible. I can’t wait
to read much more from you. This is really a wonderful website.
It’s going to be finish of mine day, but before
end I am reading this fantastic post to increase my experience.
Hi, Neat post. There’s a problem together with your web site in web explorer, may check this?
IE still is the marketplace chief and a large element of other folks
will omit your great writing because of this problem.
Hi there! Quick question that’s completely off topic. Do you know how to
make your site mobile friendly? My site looks weird when viewing from my iphone 4.
I’m trying to find a theme or plugin that might be able to correct this issue.
If you have any suggestions, please share. Thank you!
Look into my web blog :: http://www.livebanteng.net
Hi, this weekend is fastidious in favor of me, for
the reason that this occasion i am reading this fantastic informative article
here at my home.
Howdy would you mind stating which blog platform you’re working with?
I’m going to start my own blog in the near future but I’m having a difficult
time selecting between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your layout seems different then most blogs and I’m looking for something unique.
P.S My apologies for getting off-topic but I had to ask!
I think the admin of this site is really working hard in support of his
site, since here every data is quality based stuff.
I do not know if it’s just me or if everyone else experiencing problems with your site.
It appears as though some of the text on your content are running off the screen. Can someone else please provide
feedback and let me know if this is happening to them as well?
This may be a issue with my browser because
I’ve had this happen previously. Many thanks
Hi there, its pleasant post concerning media print,
we all be aware of media is a impressive source of information.
Howdy! Do you know if they make any plugins to protect against hackers?
I’m kinda paranoid about losing everything I’ve worked hard
on. Any tips?
When I originally commented I clicked the «Notify me when new comments are added»
checkbox and now each time a comment is added I get four emails with the same comment.
Is there any way you can remove people from that service? Many thanks!
always i used to read smaller posts that as well
clear their motive, and that is also happening with
this post which I am reading now.
Excellent way of explaining, and nice paragraph to get data about my presentation focus, which i am
going to present in institution of higher education.
Thanks a lot for sharing this with all people you
really recognize what you are speaking approximately!
Bookmarked. Kindly additionally discuss with my website =).
We may have a hyperlink exchange agreement between us
I every time used to read piece of writing in news papers but now as I am a
user of web therefore from now I am using net for content,
thanks to web.
Hi, after reading this amazing piece of writing i am as well cheerful to share
my familiarity here with mates.