En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Hey very interesting blog!
Yes! Finally something about http://zaday-vopros.ru/index.php?qa=user&qa_1=actorquilt5.
Hi there, just wanted to tell you, I liked this post.
It was funny. Keep on posting!
It’s genuinely very complicated in this active life
to listen news on TV, therefore I just use the web for that purpose, and obtain the newest information.
I have read so many posts concerning the blogger lovers except this piece of
writing is actually a good post, keep it up.
Hey there, I think your site might be having browser compatibility issues.
When I look at your website in Firefox, it looks fine but when opening in Internet Explorer,
it has some overlapping. I just wanted to give you a quick
heads up! Other then that, terrific blog!
Hello to every body, it’s my first go to see of this webpage; this blog contains amazing and really excellent data in support of
readers.
Fantastic beat ! I would like to apprentice while you amend
your web site, how could i subscribe for a blog website?
The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast offered
bright clear concept
I read this post completely on the topic of the difference of newest and earlier technologies,
it’s awesome article.
You’re so awesome! I do not suppose I have read anything like this before.
So great to discover another person with some original thoughts on this topic.
Seriously.. thanks for starting this up. This site is one thing that’s needed on the internet, someone with a little originality!
This web site certainly has all of the information I needed about
this subject and didn’t know who to ask.
Very good blog you have here but I was curious if you knew of
any community forums that cover the same topics discussed in this article?
I’d really love to be a part of online community where I can get opinions from other knowledgeable individuals
that share the same interest. If you have any recommendations, please let me know.
Thanks a lot!
I needed to thank you for this fantastic read!! I definitely loved every bit
of it. I’ve got you saved as a favorite to check out
new stuff you post…
Feel free to visit my website … slot idn via pulsa
It’s going to be end of mine day, except before finish I am reading this
great post to increase my experience.
This page really has all the information and facts I wanted about
this subject and didn’t know who to ask.
Everyone loves it when people come together and share ideas.
Great blog, stick with it!
Hey There. I found your blog using msn. This is a really well written article.
I will be sure to bookmark it and come back to read more of
your useful information. Thanks for the post.
I will certainly return.
What’s Happening i am new to this, I stumbled upon this I have discovered It positively helpful and
it has helped me out loads. I’m hoping to give a contribution &
aid different customers like its helped me. Good job.
Howdy would you mind letting me know which webhost you’re working with?
I’ve loaded your blog in 3 different web browsers and I must say
this blog loads a lot quicker then most. Can you recommend a good hosting provider
at a fair price? Cheers, I appreciate it!
I visited multiple blogs however the audio quality for audio
songs existing at this web site is really fabulous.
I visited multiple blogs however the audio quality for audio
songs existing at this web site is really fabulous.
Very nice post. I just stumbled upon your weblog and wished
to say that I have truly enjoyed browsing your blog posts.
In any case I’ll be subscribing to your rss feed and I hope you
write again very soon!
What’s up, after reading this awesome paragraph i am
too delighted to share my experience here with colleagues.
Great web site you have got here.. It’s hard to find good quality writing like yours nowadays.
I honestly appreciate individuals like you! Take care!!
Here is my blog poker via pulsa
Wow, fantastic blog format! How lengthy have you ever been blogging
for? you made blogging glance easy. The whole look of your
site is wonderful, let alone the content material!
Also visit my web page: sabung ayam online
I think what you posted made a lot of sense.
However, what about this? what if you were to write a killer headline?
I am not saying your content is not solid., however what if you added something that grabbed people’s attention? I mean Seguridad en una SAN Brocade III – Activar administración por HTTPS | Almacenamiento Abierto is a little plain.
You could peek at Yahoo’s front page and note how
they create news titles to get people to click.
You might try adding a video or a related picture or two to
get people excited about what you’ve got to say. Just my opinion, it could bring your blog
a little bit more interesting.
If you wish for to get a good deal from this post then you have to apply such strategies
to your won web site.
Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your
webpage? My blog is in the exact same niche as yours and my users would genuinely benefit from some of
the information you provide here. Please let me know if this alright with you.
Thanks a lot!
Just want to say your article is as astounding. The clarity for your post is simply spectacular and that i could think
you’re knowledgeable on this subject. Fine along with your permission allow me to grab your RSS feed to stay updated with coming near near post.
Thanks a million and please keep up the enjoyable work.
Thanks a lot for sharing this with all of us you really realize what
you are talking about! Bookmarked. Please also visit my web site =).
We could have a hyperlink alternate arrangement between us
Article writing is also a excitement, if you be familiar with
afterward you can write or else it is complicated to write.
Magnificent goods from you, man. I have take
into account your stuff previous to and you’re simply too magnificent.
I really like what you have acquired here, certainly like what you are stating and the
way during which you say it. You’re making it enjoyable and you continue to take care of to stay it smart.
I cant wait to read much more from you. This is
really a tremendous web site.
Hurrah, that’s what I was seeking for, what a material!
present here at this weblog, thanks admin of this website.
You’re so awesome! I do not believe I’ve truly read something like this before.
So wonderful to find someone with genuine thoughts on this
issue. Seriously.. thank you for starting this up. This website
is something that is required on the internet, someone with some originality!
You can certainly see your enthusiasm within the work you
write. The arena hopes for even more passionate writers such as you who aren’t afraid
to say how they believe. All the time go after your heart.
Thanks very nice blog!
Everything is very open with a very clear clarification of the challenges.
It was definitely informative. Your site is useful.
Thank you for sharing!
Hi, i believe that i noticed you visited my weblog thus i got here to go back the favor?.I’m trying
to to find issues to enhance my web site!I guess its good enough to
use a few of your ideas!!
Marvelous, what a webpage it is! This web site presents helpful information to us, keep it up.
Thanks in favor of sharing such a good opinion, article is fastidious, thats why i have read it entirely
I’m curious to find out what blog platform you happen to be using?
I’m having some minor security issues with my latest
blog and I would like to find something more safeguarded.
Do you have any suggestions?
You made some good points there. I checked on the internet
to learn more about the issue and found most people will go along
with your views on this website.
Do you have a spam issue on this blog; I also am a blogger, and I was wanting to know your situation; many of us have created some nice
procedures and we are looking to swap methods with other folks, please shoot me an email if interested.
I think this is among the most important information for me.
And i’m glad reading your article. But want to remark on some general things,
The website style is great, the articles is really
excellent : D. Good job, cheers
It’s hard to find experienced people on this topic,
but you sound like you know what you’re talking about!
Thanks
Since the admin of this website is working, no doubt very quickly it will be
famous, due to its feature contents.
I take pleasure in, result in I discovered exactly what I was looking
for. You have ended my 4 day lengthy hunt! God Bless you man. Have
a great day. Bye
naturally like your website however you have to take a look at the
spelling on quite a few of your posts. Several of them are rife with spelling
issues and I find it very bothersome to tell the reality however
I’ll definitely come again again.
This blog was… how do I say it? Relevant!! Finally I have
found something which helped me. Thank you!
Its like you read my mind! You seem to know so much about this, like you wrote the book in it or something.
I think that you could do with some pics to drive the message
home a little bit, but instead of that, this is wonderful blog.
A great read. I will definitely be back.