En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I’m amazed, I must say. Seldom do I encounter a blog that’s equally
educative and amusing, and without a doubt, you have hit the nail on the head.
The issue is something too few people are speaking intelligently about.
I am very happy that I stumbled across this in my hunt for something
relating to this.
Excellent beat ! I wish to apprentice whilst you amend your website,
how can i subscribe for a blog site? The account helped me a
appropriate deal. I had been a little bit acquainted of this your broadcast offered brilliant clear
concept
Great delivery. Solid arguments. Keep up the amazing effort.
Everything composed was very reasonable. But, what about this?
what if you typed a catchier title? I ain’t saying your content is
not good, but suppose you added a post title that makes people desire more?
I mean Seguridad en una SAN Brocade III – Activar administración por
HTTPS | Almacenamiento Abierto is kinda vanilla.
You could look at Yahoo’s front page and watch how they create
news titles to get people to open the links. You might add a video or a related picture or two to grab people interested about
what you’ve got to say. In my opinion, it might bring your posts
a little bit more interesting.
Very nice post. I just stumbled upon your weblog and wanted to say that
I’ve truly loved browsing your blog posts. After all I will be subscribing in your feed
and I hope you write again very soon!
My programmer is trying to convince me to move to .net
from PHP. I have always disliked the idea because of the
expenses. But he’s tryiong none the less. I’ve been using
Movable-type on numerous websites for about a year and am
worried about switching to another platform. I have heard fantastic things about blogengine.net.
Is there a way I can transfer all my wordpress content
into it? Any help would be really appreciated!
Very great post. I just stumbled upon your weblog and wanted
to say that I’ve truly enjoyed surfing around your blog posts.
After all I’ll be subscribing to your rss feed and I am hoping you
write again very soon!
I really like what you guys tend to be up too.
This sort of clever work and coverage! Keep up the amazing works guys I’ve
you guys to my own blogroll.
Ahaa, its fastidious conversation regarding this paragraph here at
this weblog, I have read all that, so now me also commenting
here.
Hey! Would you mind if I share your blog with my twitter group?
There’s a lot of people that I think would really enjoy your content.
Please let me know. Cheers
Aw, this was an incredibly good post. Spending some time
and actual effort to produce a top notch article… but what
can I say… I hesitate a whole lot and don’t manage to get anything done.
Wow, that’s what I was exploring for, what a stuff!
present here at this weblog, thanks admin of
this website.
Hi there, just became alert to your blog through Google, and found
that it’s truly informative. I’m gonna watch out
for brussels. I will appreciate if you continue this in future.
A lot of people will be benefited from your writing.
Cheers!
I was able to find good info from your blog articles.
I appreciate, cause I discovered just what I used to be
having a look for. You’ve ended my 4 day lengthy hunt!
God Bless you man. Have a nice day. Bye
Excellent goods from you, man. I’ve understand your stuff previous to and
you’re just extremely great. I actually like what you’ve acquired here, really like what you
are stating and the way in which you say it. You make it entertaining and
you still care for to keep it smart. I can’t wait to read much
more from you. This is actually a terrific web site.
I’m gone to say to my little brother, that he should also visit
this web site on regular basis to get updated from latest gossip.
Wow that was odd. I just wrote an very long comment but after I clicked submit my comment didn’t show up.
Grrrr… well I’m not writing all that over again. Anyway, just wanted to say great blog!
Hey! I’m at work surfing around your blog from my new iphone 4!
Just wanted to say I love reading through your blog and look forward to all
your posts! Carry on the outstanding work!
When I originally commented I clicked the «Notify me when new comments are added» checkbox and
now each time a comment is added I get several e-mails with the same
comment. Is there any way you can remove
me from that service? Appreciate it!
Hi, yup this piece of writing is actually nice and I have learned lot of things from it regarding blogging.
thanks.
I was excited to find this website. I wanted to thank you for ones time just for this wonderful read!!
I definitely really liked every little bit of it and i also have you saved as a favorite to look at new
things in your blog.
Feel free to surf to my homepage: ayam abar
Hey very nice blog!
I blog often and I seriously appreciate your information. Your article has really peaked my interest.
I am going to bookmark your site and keep checking
for new details about once per week. I opted
in for your RSS feed too.
Hi, I do believe this is an excellent site. I stumbledupon it 😉
I’m going to come back once again since I saved as a favorite it.
Money and freedom is the best way to change, may you be rich and
continue to guide others.
Hey I know this is off topic but I was wondering if you knew of
any widgets I could add to my blog that automatically tweet my newest twitter updates.
I’ve been looking for a plug-in like this for quite some time and was hoping
maybe you would have some experience with something like this.
Please let me know if you run into anything. I truly enjoy
reading your blog and I look forward to your new updates.
Excellent items from you, man. I’ve keep in mind your stuff previous to and you’re just too
wonderful. I really like what you have got here,
certainly like what you’re stating and the way in which you are saying it.
You make it entertaining and you still take care of to stay it wise.
I can not wait to read far more from you. That is
actually a great site.
You actually make it seem so easy with your presentation but I find this matter to be actually something which I think I would never understand.
It seems too complex and extremely broad for me. I am looking forward for your next post, I’ll
try to get the hang of it!
you are in point of fact a just right webmaster. The website loading velocity is incredible.
It kind of feels that you’re doing any distinctive trick.
Also, The contents are masterwork. you’ve done a wonderful task on this matter!
My spouse and I stumbled over here by a different web address
and thought I should check things out. I like what I see so now i am
following you. Look forward to looking into your web page repeatedly.
Fine way of explaining, and nice post to obtain data concerning my presentation subject
matter, which i am going to present in academy.
Right here is the right webpage for everyone who wants to understand
this topic. You understand so much its almost hard to argue with you (not that I really will need to…HaHa).
You certainly put a new spin on a subject which has been written about for many years.
Wonderful stuff, just excellent!
Hello! I just wanted to ask if you ever have any trouble
with hackers? My last blog (wordpress) was hacked and I ended up losing many months of hard work due
to no backup. Do you have any solutions to stop hackers?
Amazing! This blog looks exactly like my old one!
It’s on a entirely different subject but it has pretty
much the same layout and design. Wonderful choice of
colors!
This post is priceless. When can I find out more?
Thanks for a marvelous posting! I genuinely enjoyed reading it, you’re a great author.
I will make sure to bookmark your blog and will often come back someday.
I want to encourage one to continue your great posts,
have a nice evening!
What’s up, all is going sound here and ofcourse every one is sharing information, that’s genuinely good, keep up writing.
This piece of writing is truly a good one it helps new web viewers, who are wishing in favor of blogging.
Hi, I do think your website could possibly be having web browser
compatibility problems. When I take a look at your site in Safari, it looks fine however when opening in IE, it has
some overlapping issues. I simply wanted to give you a quick heads up!
Aside from that, great blog!
When some one searches for his vital thing, so he/she desires to be available that in detail, therefore that thing is maintained over here.
At this time I am ready to do my breakfast, once having my breakfast coming over again to read
more news.
Wow that was unusual. I just wrote an incredibly long comment but after I
clicked submit my comment didn’t show up. Grrrr…
well I’m not writing all that over again. Anyway, just wanted to say wonderful blog!
I used to be able to find good advice from your content.
Greetings! Very helpful advice in this particular article!
It’s the little changes that make the greatest changes.
Many thanks for sharing!
There’s definately a lot to know about this issue. I really like all the points you’ve made.
Hi there, its good paragraph concerning media print, we all be aware of media is a fantastic source
of information.
My web-site agen s128 sabung ayam
Hey! Do you know if they make any plugins to safeguard against hackers?
I’m kinda paranoid about losing everything I’ve worked
hard on. Any tips?
I am truly grateful to the owner of this web page who has shared this great post at
at this time.
Pretty great post. I simply stumbled upon your blog and wanted to mention that I have really enjoyed browsing your blog posts.
After all I’ll be subscribing on your rss feed and I am hoping
you write once more very soon!
Hey there! I know this is kinda off topic but I was
wondering which blog platform are you using for this website?
I’m getting sick and tired of WordPress because I’ve had problems with hackers and I’m looking at alternatives for
another platform. I would be fantastic if you could point me in the direction of a good platform.