En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
You really make it seem really easy along with your presentation but
I in finding this topic to be really one thing that I feel I might by no means understand.
It seems too complicated and very wide for me. I’m looking forward for your subsequent submit, I will attempt to get the cling
of it!
I have read so many content concerning the blogger lovers however this article is truly
a pleasant article, keep it up.
It’s actually a cool and useful piece of info. I’m glad that you just shared this helpful information with us.
Please stay us informed like this. Thanks for sharing.
Howdy! I know this is kind of off topic but I was wondering if you
knew where I could get a captcha plugin for my comment form?
I’m using the same blog platform as yours and I’m having difficulty finding one?
Thanks a lot!
This is a topic that is near to my heart… Take care!
Where are your contact details though?
Hey there! Quick question that’s totally off topic. Do you know how to make your site mobile friendly?
My website looks weird when browsing from my apple iphone.
I’m trying to find a theme or plugin that might be
able to fix this issue. If you have any suggestions, please share.
Thank you!
I was wondering if you ever considered changing the layout of your
site? Its very well written; I love what youve got to say.
But maybe you could a little more in the way of content so people could connect with it better.
Youve got an awful lot of text for only having one or two pictures.
Maybe you could space it out better?
I truly love your website.. Pleasant colors & theme.
Did you make this amazing site yourself? Please
reply back as I’m looking to create my own site and would like to learn where you got this from or
just what the theme is named. Thanks!
Thankfulness to my father who informed me on the topic of this blog, this web
site is genuinely awesome.
Way cool! Some very valid points! I appreciate you writing this article and the rest of the website is also really good.
If you are going for best contents like myself, simply pay a quick visit
this site every day since it provides feature contents, thanks
It’s going to be ending of mine day, but before ending I am reading this enormous paragraph to increase my know-how.
I know this if off topic but I’m looking into starting
my own weblog and was wondering what all is required to get set up?
I’m assuming having a blog like yours would cost a pretty penny?
I’m not very web savvy so I’m not 100% positive. Any recommendations
or advice would be greatly appreciated. Thank
you
I’m not sure exactly why but this site is loading very slow for me.
Is anyone else having this problem or is it a
issue on my end? I’ll check back later and see if the problem still exists.
Hello to every one, the contents existing at this web page are really
remarkable for people knowledge, well, keep up the nice work fellows.
My spouse and I absolutely love your blog and find almost all
of your post’s to be exactly I’m looking for. can you offer
guest writers to write content available for you?
I wouldn’t mind publishing a post or elaborating on most of the
subjects you write with regards to here. Again, awesome website!
Everything is very open with a precise description of the challenges.
It was really informative. Your website is extremely helpful.
Thanks for sharing!
Hi i am kavin, its my first occasion to commenting anywhere,
when i read this article i thought i could also make comment due to this good piece of writing.
Heya! I just wanted to ask if you ever have any issues with hackers?
My last blog (wordpress) was hacked and I ended up losing a few months
of hard work due to no back up. Do you have any solutions to prevent hackers?
What’s up to all, because I am actually keen of reading this blog’s post
to be updated daily. It consists of fastidious material.
Very good article. I definitely love this website.
Stick with it!
Here is my web-site :: slot via pulsa
What a material of un-ambiguity and preserveness of precious experience about
unpredicted emotions.
I used to be able to find good advice from your content.
Keep on working, great job!
What’s up to all, how is the whole thing, I think every one is getting more from this website,
and your views are pleasant in favor of new visitors.
Hi there, its nice paragraph about media print, we all know media is a wonderful
source of information.
I love your blog.. very nice colors & theme. Did you design this website yourself or did you hire someone to do it
for you? Plz answer back as I’m looking to design my own blog
and would like to find out where u got this from.
many thanks
Fastidious answer back in return of this matter with real arguments and explaining all about that.
It’s in reality a great and helpful piece of information. I am glad
that you just shared this useful information with us.
Please keep us informed like this. Thank you for
sharing.
Hey There. I discovered your weblog the use of msn. That is
a very neatly written article. I’ll be sure to bookmark it and come back to
read extra of your useful info. Thank you for the post. I’ll certainly comeback.
Hello I am so grateful I found your webpage, I really found you by accident, while
I was searching on Yahoo for something else, Nonetheless I am here now and would
just like to say many thanks for a fantastic post and a all round
entertaining blog (I also love the theme/design), I don’t have time to read it all
at the minute but I have saved it and also added your RSS feeds, so when I have time I will be back to
read much more, Please do keep up the great b.
my site; https://fcbarcelona-indonesia.com
Thankfulness to my father who shared with me regarding this blog, this webpage
is truly awesome.
Here is my web blog: slot deposit via pulsa
Wonderful, what a blog it is! This blog gives
valuable information to us, keep it up.
If you wish for to improve your experience just keep visiting this website and
be updated with the newest information posted here.
Does your website have a contact page? I’m having problems locating it but, I’d like to shoot you an email.
I’ve got some ideas for your blog you might be interested in hearing.
Either way, great website and I look forward to seeing it grow over time.
Appreciate this post. Will try it out.
Magnificent website. Plenty of useful info here. I am sending it to several pals ans additionally sharing in delicious.
And of course, thanks for your effort!
fantastic points altogether, you simply gained a brand new reader.
What may you recommend in regards to your publish that you just made a few days in the past?
Any sure?
I always emailed this webpage post page to all my friends, because if like to read it after that my links will too.
These are really impressive ideas in on the topic of blogging.
You have touched some fastidious factors here. Any way keep up
wrinting.
Very nice post. I just stumbled upon your blog and wished
to say that I’ve truly loved surfing around your weblog posts.
After all I’ll be subscribing to your rss feed and I hope
you write again soon!
I know this if off topic but I’m looking into starting my own weblog and
was wondering what all is required to get setup? I’m assuming having a
blog like yours would cost a pretty penny? I’m not very web savvy so I’m not 100% positive.
Any suggestions or advice would be greatly appreciated.
Kudos
Yes! Finally something about Situs Slot Gacor 2022.
I all the time used to study piece of writing in news papers but now
as I am a user of net so from now I am using net for articles, thanks to
web.
I need to to thank you for this fantastic read!! I certainly loved every bit of it.
I’ve got you book-marked to check out new stuff you post…
Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my newest twitter
updates. I’ve been looking for a plug-in like this
for quite some time and was hoping maybe you would
have some experience with something like this.
Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.
Everything is very open with a really clear explanation of the challenges.
It was definitely informative. Your website
is useful. Many thanks for sharing!
My family always say that I am killing my time here at net, except I know
I am getting familiarity daily by reading such pleasant posts.
Wow, this paragraph is fastidious, my sister is analyzing
these things, therefore I am going to convey her.
Its like you read my mind! You appear to know a lot about this, like you wrote
the book in it or something. I think that you can do with some pics to drive the message home a bit,
but instead of that, this is magnificent blog. An excellent read.
I will definitely be back.