En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
I know this if off topic but I’m looking into starting my own weblog and was
curious what all is needed to get setup? I’m assuming having a blog like
yours would cost a pretty penny? I’m not very web smart so
I’m not 100% sure. Any suggestions or advice would be greatly appreciated.
Many thanks
bookmarked!!, I really like your website!
Hello there, just became alert to your blog
through Google, and found that it is truly informative.
I am gonna watch out for brussels. I will appreciate if you continue
this in future. A lot of people will be benefited from your writing.
Cheers!
Here is my blog post – https://bandaragenterpercaya.com/
Hello just wanted to give you a brief heads up and let you know a few of the pictures aren’t loading
properly. I’m not sure why but I think its
a linking issue. I’ve tried it in two different browsers and both
show the same results.
I pay a visit daily some web sites and information sites to
read articles, but this weblog provides feature based posts.
Appreciating the persistence you put into your site and detailed information you present.
It’s awesome to come across a blog every once in a while that isn’t the same unwanted rehashed information. Fantastic
read! I’ve saved your site and I’m including your RSS feeds to my Google account.
It’s perfect time to make some plans for the future and it’s time to be happy.
I have read this post and if I could I want
to suggest you few interesting things or tips. Perhaps you could write next articles
referring to this article. I desire to read even more things
about it!
Generally I don’t read article on blogs, but I wish to
say that this write-up very forced me to try and do
it! Your writing style has been amazed me. Thanks,
quite nice article.
I got this site from my pal who informed me concerning this
site and now this time I am visiting this site and reading very informative
articles or reviews at this time.
Amazing! This blog looks exactly like my old one! It’s on a entirely different subject
but it has pretty much the same page layout and design. Superb choice of colors!
I am truly thankful to the holder of this web site who has shared this
fantastic post at at this time.
Hi terrific blog! Does running a blog similar to this take a great deal of work?
I have virtually no expertise in programming but I was hoping to start
my own blog soon. Anyways, if you have any suggestions or techniques for new blog owners please
share. I know this is off subject however I simply wanted to ask.
Many thanks!
Howdy just wanted to give you a quick heads up. The words in your post
seem to be running off the screen in Chrome.
I’m not sure if this is a formatting issue or something to do with browser compatibility but I figured
I’d post to let you know. The style and design look great though!
Hope you get the problem fixed soon. Kudos
Hi my loved one! I wish to say that this post is awesome,
nice written and include almost all significant infos.
I’d like to see extra posts like this .
Hello, Neat post. There is a problem together with your
web site in internet explorer, may test this? IE still is the market leader and a good
section of other folks will miss your fantastic writing because of this problem.
There is certainly a lot to find out about this issue.
I like all of the points you have made.
Great information. Lucky me I discovered your website by accident (stumbleupon).
I’ve book-marked it for later!
Hello There. I found your blog using msn. This is a really well written article.
I’ll make sure to bookmark it and come back to read
more of your useful info. Thanks for the post. I’ll definitely comeback.
I loved as much as you’ll receive carried out right here.
The sketch is attractive, your authored material stylish. nonetheless, you
command get bought an edginess over that you wish be delivering the following.
unwell unquestionably come further formerly again as exactly the same
nearly a lot often inside case you shield this increase.
We stumbled over here different web address and thought I may as well check things out.
I like what I see so i am just following you. Look forward to looking at your web page again.
Hi there! I know this is somewhat off topic but I was wondering which blog platform are you using for this website?
I’m getting fed up of WordPress because I’ve had
issues with hackers and I’m looking at alternatives
for another platform. I would be awesome if you could point
me in the direction of a good platform.
Nice replies in return of this difficulty with solid arguments and telling all about that.
With havin so much content do you ever run into any problems of plagorism or copyright infringement?
My blog has a lot of exclusive content I’ve either written myself or outsourced but it seems a
lot of it is popping it up all over the internet without my permission. Do you know any solutions to help stop content from being stolen? I’d definitely appreciate it.
I am genuinely delighted to read this web site posts which carries lots of helpful data,
thanks for providing these data.
I’m amazed, I have to admit. Seldom do I encounter a blog that’s equally educative and engaging,
and without a doubt, you have hit the nail on the head. The problem
is an issue that not enough men and women are speaking intelligently about.
I’m very happy I came across this in my search for something concerning this.
hi!,I like your writing very so much! percentage we keep in touch more about your article on AOL?
I need a specialist on this area to resolve my problem.
May be that is you! Taking a look forward
to peer you.
Great delivery. Great arguments. Keep up the amazing effort.
My homepage; https://aduayamsabung.com
Hi there it’s me, I am also visiting this site regularly, this site is truly pleasant and the users are genuinely sharing
fastidious thoughts.
When I originally commented I seem to have clicked the -Notify
me when new comments are added- checkbox and now whenever
a comment is added I recieve four emails with the same comment.
Perhaps there is a way you are able to remove me from that service?
Many thanks!
Hey there, I think your blog might be having browser compatibility issues.
When I look at your blog site in Ie, it looks fine but when opening in Internet Explorer, it has some overlapping.
I just wanted to give you a quick heads up! Other then that, very good blog!
What’s up, just wanted to tell you, I liked this article.
It was practical. Keep on posting!
You actually make it seem so easy with your presentation but I find this matter to
be really something that I think I would never understand.
It seems too complex and extremely broad for me. I am looking forward for your
next post, I’ll try to get the hang of it!
Hello there, just became aware of your blog through Google, and found that it is truly informative.
I’m gonna watch out for brussels. I’ll be grateful if you continue this in future.
Numerous people will be benefited from your writing.
Cheers!
Wow that was strange. I just wrote an extremely long comment but after I clicked submit my
comment didn’t appear. Grrrr… well I’m not writing all that over again. Regardless,
just wanted to say fantastic blog!
Hurrah! In the end I got a weblog from where I can genuinely get
valuable facts concerning my study and knowledge.
hello there and thank you for your info – I
have certainly picked up something new from right here.
I did however expertise some technical issues using this web site, as I experienced
to reload the site lots of times previous to I could get
it to load properly. I had been wondering if your web host is OK?
Not that I’m complaining, but sluggish loading instances times
will very frequently affect your placement in google and
can damage your high-quality score if ads and marketing with Adwords.
Anyway I’m adding this RSS to my email and could look out for much more of your respective fascinating content.
Make sure you update this again soon.
Heya great website! Does running a blog such as this require a great deal of work?
I have absolutely no understanding of coding but I had been hoping to start my own blog in the near future.
Anyhow, should you have any ideas or tips for new blog owners
please share. I understand this is off subject however I simply needed
to ask. Thanks a lot!
The other day, while I was at work, my cousin stole my iphone and tested
to see if it can survive a forty foot drop, just so she can be a youtube sensation.
My iPad is now destroyed and she has 83 views.
I know this is totally off topic but I had to share it with someone!
Wonderful work! This is the kind of info that are supposed to be shared around the net.
Disgrace on the search engines for not positioning this put
up upper! Come on over and consult with my web site .
Thanks =)
Hey There. I found your weblog using msn. This is a really
neatly written article. I will be sure to bookmark it and come back to learn more of your helpful info.
Thank you for the post. I’ll definitely comeback.
Really no matter if someone doesn’t know after that its up to other people
that they will help, so here it happens.
It’s not my first time to visit this website, i am visiting this site dailly and
obtain good information from here everyday.
Its like you read my mind! You seem to know so much approximately this, such as you
wrote the guide in it or something. I think that you can do with a few p.c.
to pressure the message house a bit, but other than that,
that is magnificent blog. A fantastic read. I’ll definitely be back.
I have been browsing online more than three hours as of late, but I never found
any interesting article like yours. It’s pretty price enough for me.
Personally, if all webmasters and bloggers made excellent content material as you did, the internet
shall be much more useful than ever before.
I simply could not go away your site before suggesting that I actually loved
the usual info an individual provide in your guests? Is gonna be
again continuously in order to inspect new posts
Undeniably consider that that you stated. Your favourite justification seemed to be at the web the easiest thing to be mindful of.
I say to you, I certainly get irked at the same time as other people think about issues that they plainly do not recognize about.
You managed to hit the nail upon the top as well as defined out the
whole thing with no need side-effects , other people could take
a signal. Will probably be back to get more. Thank you
Remarkable! Its in fact amazing post, I
have got much clear idea concerning from this piece of
writing. ps4 https://bit.ly/3z5HwTp ps4 games
These are genuinely fantastic ideas in about blogging.
You have touched some pleasant points here.
Any way keep up wrinting.
great post, very informative. I ponder why the other experts of this sector do not notice this.
You should continue your writing. I’m confident, you’ve a huge readers’
base already!
[…] En éste caso, al denegarse el acceso por HTTP no se dispondrá de la interfaz de administración WEB TOOLS, para activar su acceso por HTTPS ver post Seguridad en una SAN Brocade III – Activar administración por HTTPS. […]