En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Very rapidly this site will be famous amid all blogging viewers, due to it’s good posts
Hi there mates, pleasant post and good urging commented
here, I am in fact enjoying by these.
You really make it appear really easy with your presentation however I find
this topic to be really one thing which I believe I might by no means understand.
It sort of feels too complicated and extremely vast for me.
I am taking a look forward on your next put up, I’ll try
to get the grasp of it!
you are really a just right webmaster. The website loading pace is incredible.
It sort of feels that you are doing any unique trick.
In addition, The contents are masterpiece. you’ve performed a excellent process in this subject!
Good article. I absolutely appreciate this website. Keep writing!
I don’t even know the way I ended up here, but I thought this post was great.
I do not understand who you’re however definitely you are going to a well-known blogger
in the event you aren’t already. Cheers!
Great post. I was checking constantly this weblog and I’m inspired!
Very useful information particularly the last part 🙂 I take
care of such information a lot. I was seeking this
particular information for a long time. Thanks and best of luck.
When someone writes an article he/she keeps the thought of a user in his/her mind that
how a user can know it. Therefore that’s why this post is amazing.
Thanks!
you’re really a just right webmaster. The site loading velocity is incredible.
It seems that you’re doing any unique trick.
Also, The contents are masterpiece. you’ve performed a
great activity in this topic!
I really like your blog.. very nice colors & theme. Did you
make this website yourself or did you hire someone to
do it for you? Plz reply as I’m looking to construct my own blog and would like to find out where u got this from.
kudos
Hola! I’ve been following your web site for a while now
and finally got the bravery to go ahead and give you a shout out from Dallas Texas!
Just wanted to tell you keep up the fantastic work!
Can you tell us more about this? I’d want to find
out some additional information.
Wonderful blog! Do you have any hints for aspiring writers?
I’m planning to start my own blog soon but I’m a little lost
on everything. Would you recommend starting with a free platform like WordPress or go for a paid option? There are so many choices
out there that I’m completely confused .. Any suggestions?
Cheers!
Good post. I will be dealing with some of these issues as well..
Excellent article. I definitely love this website.
Thanks!
Hello! I’ve been reading your weblog for some time now and finally got the courage
to go ahead and give you a shout out from Kingwood Texas!
Just wanted to mention keep up the good work!
Thanks for sharing your thoughts on joker123 deposit pulsa 10rb.
Regards
Hey there! I know this is kind of off topic but I was wondering if you knew where I could
locate a captcha plugin for my comment form? I’m using the same blog platform as
yours and I’m having difficulty finding one? Thanks
a lot!
Saved as a favorite, I love your site!
We’re a group of volunteers and opening a new scheme in our community.
Your site provided us with valuable info to work on. You have done an impressive job
and our entire community will be grateful to you.
These are truly great ideas in about blogging.
You have touched some nice points here. Any way keep up wrinting.
I like the valuable information you provide in your articles.
I’ll bookmark your weblog and check again here regularly. I am
quite certain I will learn a lot of new stuff right here! Good luck for the
next!
My web site :: https://promo-poker.com/
My partner and I stumbled over here from a different website and thought I should
check things out. I like what I see so i am just following
you. Look forward to looking at your web page for a second
time.
After exploring a handful of the blog articles on your blog, I truly
appreciate your way of writing a blog. I book-marked it to my bookmark website list and
will be checking back soon. Take a look at my web site too and
let me know your opinion.
Greetings, I do believe your blog could possibly be having browser compatibility issues.
When I take a look at your web site in Safari, it looks
fine however when opening in Internet Explorer, it’s got some overlapping issues.
I just wanted to give you a quick heads up! Other than that, fantastic site!
Hello! I know this is kinda off topic nevertheless I’d figured I’d ask.
Would you be interested in trading links or
maybe guest authoring a blog article or vice-versa? My site goes over
a lot of the same topics as yours and I feel we could greatly benefit from each other.
If you’re interested feel free to send me an email. I look forward to
hearing from you! Great blog by the way!
Hello, this weekend is pleasant for me, because this moment i am reading this great educational post here at my residence.
Good day! Do you use Twitter? I’d like to follow you if that would be okay.
I’m definitely enjoying your blog and look forward to new posts.
I pay a visit daily a few websites and blogs to read posts, however
this weblog presents feature based writing.
Hi there all, here every one is sharing these kinds of familiarity, therefore it’s good to
read this webpage, and I used to pay a quick
visit this blog daily.
An interesting discussion is definitely worth comment.
I do believe that you ought to publish more about this topic, it might
not be a taboo matter but generally folks don’t
discuss such topics. To the next! All the best!!
Hi I am so excited I found your webpage, I really found you by error, while I was browsing on Bing for something else, Anyhow I am here
now and would just like to say thanks a lot for a marvelous post
and a all round enjoyable blog (I also love the theme/design),
I don’t have time to look over it all at the moment but I have bookmarked it and also added your RSS feeds,
so when I have time I will be back to read more, Please do keep up the fantastic job.
Appreciate the recommendation. Let me try it out.
Asking questions are in fact pleasant thing if you
are not understanding something fully, but this post presents nice understanding even.
Hi there, i read your blog from time to time and i own a
similar one and i was just wondering if you get a lot
of spam remarks? If so how do you stop it, any
plugin or anything you can advise? I get so much lately it’s driving me crazy so any assistance is very much appreciated.
I am not sure where you’re getting your info,
but great topic. I needs to spend some time learning much more or understanding more.
Thanks for excellent information I was looking
for this info for my mission.
This is very interesting, You’re a very skilled blogger.
I have joined your rss feed and look forward to seeking more of your wonderful post.
Also, I’ve shared your web site in my social
networks!
Pretty element of content. I simply stumbled upon your site and in accession capital to assert that I get actually enjoyed account your weblog posts.
Any way I will be subscribing to your augment and even I success you access
constantly quickly.
Hi there! I know this is kind of off topic but I was wondering which blog
platform are you using for this site? I’m getting tired of WordPress because I’ve had problems with hackers and I’m looking at options
for another platform. I would be awesome if
you could point me in the direction of a good platform.
Everything is very open with a precise description of the
challenges. It was really informative. Your website is very useful.
Many thanks for sharing!
This web site certainly has all of the information I wanted about this subject and didn’t know who to ask.
It’s impressive that you are getting ideas from this paragraph as well
as from our argument made at this time.
Pretty great post. I just stumbled upon your blog and wanted to say that
I have truly enjoyed surfing around your weblog posts. After all I will be subscribing for your feed and I hope you write again soon!
You should be a part of a contest for one of the best blogs on the net.
I am going to highly recommend this site!
Hi I am so glad I found your web site, I really found
you by error, while I was searching on Digg for something else, Nonetheless I am here now and would just like to say
thanks a lot for a tremendous post and a all round exciting blog (I also love the theme/design), I don’t have time to go through it all at the
moment but I have book-marked it and also added in your RSS
feeds, so when I have time I will be back to read a lot
more, Please do keep up the superb work.
I have read so many posts regarding the blogger lovers except this post is in fact a pleasant post, keep it up.
I have fun with, lead to I discovered exactly what
I used to be having a look for. You’ve ended my 4 day long
hunt! God Bless you man. Have a nice day. Bye
I like the valuable info you supply to your articles. I’ll bookmark your blog and take a look
at again here frequently. I’m rather sure I’ll be informed lots of new stuff
right here! Good luck for the next!
I’m not sure exactly why but this weblog is loading very slow for me.
Is anyone else having this issue or is it a issue on my end?
I’ll check back later on and see if the problem still exists.
Oh my goodness! Incredible article dude! Thank you so much,
However I am experiencing issues with your RSS. I don’t know why I
can’t subscribe to it. Is there anybody else having identical RSS problems?
Anyone that knows the answer will you kindly respond?
Thanx!!