En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I’m no longer certain where you’re getting your information, however good topic.
I needs to spend some time learning much more or working out more.
Thanks for excellent information I was looking for this information for my mission.
Hi every one, here every one is sharing these kinds of know-how, so it’s nice to read this weblog, and I used to pay a quick
visit this web site every day.
What’s up, just wanted to say, I enjoyed this article.
It was practical. Keep on posting!
Hey there! I understand this is somewhat off-topic but I needed to ask.
Does building a well-established website such as yours take a large amount
of work? I’m brand new to running a blog however I do write
in my diary daily. I’d like to start a blog so I will be able to share my personal experience and feelings online.
Please let me know if you have any ideas or tips for new aspiring blog
owners. Appreciate it!
If some one desires to be updated with most up-to-date
technologies after that he must be pay a visit this website and be up to date daily.
I’m gone to inform my little brother, that he should also visit this website on regular basis
to get updated from most up-to-date news update.
What’s Happening i’m new to this, I stumbled upon this I have
found It positively helpful and it has aided me out
loads. I am hoping to give a contribution & aid other
users like its helped me. Great job.
Look into my blog; judi online terpercaya
Pretty section of content. I just stumbled upon your blog and in accession capital to assert that I get
actually enjoyed account your blog posts. Any way
I’ll be subscribing to your augment and even I achievement
you access consistently rapidly.
Incredible story there. What happened after? Good luck!
That is really interesting, You’re an excessively skilled blogger.
I have joined your rss feed and look forward to in quest of more of your fantastic post.
Also, I’ve shared your web site in my social networks
For most up-to-date information you have to pay a quick
visit web and on the web I found this web page as a best web page for hottest
updates.
Great post.
Since the admin of this web page is working, no hesitation very soon it
will be famous, due to its quality contents.
This is my first time visit at here and i am
really happy to read everthing at one place.
This design is incredible! You obviously know how to keep a reader entertained.
Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Fantastic job.
I really loved what you had to say, and more than that, how you presented it.
Too cool!
Heya i’m for the primary time here. I came across this board and I in finding It truly helpful & it helped me out much.
I am hoping to provide one thing again and help others such as you helped me.
Excellent goods from you, man. I have understand
your stuff previous to and you’re just extremely great. I really like what you have acquired here, certainly like
what you are stating and the way in which you say it. You make it entertaining and you still take care of to keep it wise.
I can not wait to read far more from you. This
is really a terrific website.
Hi there everybody, here every person is sharing these know-how, thus it’s nice to read this weblog, and I used
to visit this webpage everyday.
Good day! Would you mind if I share your blog with my twitter group?
There’s a lot of people that I think would really appreciate your content.
Please let me know. Thank you
Hey very interesting blog!
you are in point of fact a just right webmaster. The web site loading pace is amazing.
It kind of feels that you’re doing any distinctive trick.
In addition, The contents are masterwork.
you have performed a magnificent activity on this
topic!
There is definately a great deal to find out about this issue.
I like all of the points you’ve made.
I don’t even know how I ended up here, but I thought this post
was great. I do not know who you are but certainly you are going to a famous blogger if
you are not already 😉 Cheers!
Hey very interesting blog!
Thanks for finally talking about > Seguridad en una
SAN Brocade III – Activar administración por HTTPS |
Almacenamiento Abierto < Loved it!
If you wish for to obtain a good deal from this post then you have to apply these techniques to your won website.
Thank you for any other wonderful article. The place else could anyone get that type of info in such
a perfect manner of writing? I have a presentation next week, and I’m at the search for such
information.
Thanks for the good writeup. It actually was a leisure account it.
Glance complicated to more delivered agreeable from you!
However, how could we keep in touch?
When I initially commented I clicked the «Notify me when new comments are added» checkbox and now each time a comment is
added I get several e-mails with the same comment. Is there any way you can remove me from that service?
Thanks!
I like what you guys are usually up too. Such clever work and exposure!
Keep up the awesome works guys I’ve added you guys to my own blogroll.
I’m extremely pleased to discover this website.
I want to to thank you for ones time for this particularly fantastic read!!
I definitely liked every little bit of it and i also have
you book marked to see new stuff on your blog.
It’s wonderful that you are getting thoughts from this paragraph as well as from our
discussion made at this time.
Very good website you have here but I was curious about if you
knew of any discussion boards that cover the same topics talked
about here? I’d really like to be a part of community where I can get
comments from other experienced people that share the same
interest. If you have any suggestions, please let
me know. Cheers!
Good post. I definitely appreciate this site. Thanks!
Hello, I read your blog regularly. Your humoristic style
is awesome, keep up the good work!
It’s hard to come by experienced people on this subject,
however, you seem like you know what you’re talking about!
Thanks
Feel free to visit my web site: https://kungfuchicken.xyz/
It is the best time to make some plans for the
long run and it is time to be happy. I’ve learn this post and if I may I wish to counsel you some
attention-grabbing issues or advice. Perhaps you could write subsequent articles referring to this article.
I wish to learn more things about it!
Hello very nice site!! Man .. Excellent .. Amazing ..
I’ll bookmark your site and take the feeds additionally?
I’m happy to search out numerous useful info here in the post, we’d like develop more techniques on this regard, thanks for sharing.
. . . . .
I have been exploring for a bit for any high quality articles or weblog posts in this sort of space .
Exploring in Yahoo I eventually stumbled upon this website.
Studying this information So i am glad to convey that I’ve a very just right uncanny feeling I discovered
exactly what I needed. I so much unquestionably will make sure to do not put out of your
mind this web site and give it a look on a continuing basis.
I blog frequently and I truly thank you for your information. The
article has really peaked my interest. I am going
to take a note of your blog and keep checking for new details about
once a week. I subscribed to your RSS feed too.
It’s an remarkable piece of writing for all the online people; they will obtain benefit from it I am sure.
It is actually a great and useful piece of info.
I am satisfied that you simply shared this useful info with us.
Please keep us up to date like this. Thank you for sharing.
Hi, i think that i saw you visited my weblog
so i came to “return the favorâ€.I am attempting to find things to improve my web site!I suppose its ok
to use a few of your ideas!!
I truly love your website.. Very nice colors & theme.
Did you create this website yourself? Please reply back as I’m wanting to
create my own website and want to know where you got this from or exactly what the theme is named.
Many thanks!
Look at my web-site :: https://kabarutama.net/
It is the best time to make some plans for the
future and it’s time to be happy. I’ve read this post and if I could I desire to suggest you few interesting things or suggestions.
Maybe you could write next articles referring to this
article. I wish to read more things about it!
I don’t even know how I ended up here, but I thought this post was
great. I don’t know who you are but certainly you’re going to a famous
blogger if you are not already 😉 Cheers!
Wow! Finally I got a web site from where I know how to
in fact take helpful facts regarding my study and knowledge.
What’s up to every one, because I am in fact keen of reading this webpage’s post to be updated
regularly. It contains nice information.
I am really grateful to the holder of this web site who has
shared this enormous piece of writing at at this time.
This post will assist the internet viewers for creating new blog or even a blog from start
to end.