En el post Seguridad en una SAN Brocade II – Administración con protocolos inseguros se vió como denegar el acceso a los switches Brocade a través del interfaz de administración por protocolos no seguros, TELNET y HTTP. A continuación veremos como activar el protocolo HTTPS para acceder a la herramienta WEB TOOLS. El procedimiento se compone de una miscelanea de fuentes ya que el descrito en el Admin Guide del Fabric OS no es exacto. Se describe a continuación como se ha generado para el core de una fabric y de forma análoga se debe de realizar en el resto de switches:
1.- Hacer login con usuario con privilegios de administrador por SSH al switch al que se habilitará HTTPS y ejecutar la siguiente secuencia de comandos:
core1:angel> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.core1:angel> seccertutil gencsr
Country Name (2 letter code, eg, US):ES
State or Province Name (full name, eg, California):Sevilla
Locality Name (eg, city name):Sevilla
Organization Name (eg, company name):AA
Organizational Unit Name (eg, department name):LABS
Common Name (Fully qualified Domain Name, or IP address):core1
Generating CSR, file name is: 192.168.100.1.csr
Done.core1:angel> seccertutil export
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter Login Name: angel
Enter Password:
Success: exported CSR.
2.- Copiar el fichero CSR a un servidor que contenga las utilidades openssl y el par de clave/certificado de la Agencia Certificadora "cacert.pem y cakey.pem". El siguiente comando generará a partir del fichero CSR un certificado que importaremos desde el switch para activar el sevicio HTTPS:
angel@miequipo ~/pendiente/certificados $ openssl x509 -req -days 3650 -in 192.168.100.1.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out 192.168.100.1.pem
Signature ok
subject=/C=ES/ST=Sevilla/L=Sevilla/O=AA/OU=LABS/CN=core1
Getting CA Private Key
Enter pass phrase for cakey.pem:
En este caso se ha asignado un serial para cada switch (-set_serial) de la siguiente forma:
core1 –> 01
core2 –> 02
edge4 –> 03
edge2 –> 04
edge8 –> 05
edge6 –> 06
edge3 –> 07
edge1 –> 08
edge7 –> 09
edge5 –>10
3.- El certificado creado importarlo en el switch
core1:angel> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: ftp
Enter IP address: 192.168.200.1
Enter remote directory: /home/angel/certs/
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.100.1.pem
Enter Login Name: angel
Enter Password:
Success: imported certificate [192.168.100.1.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
De esta forma ya está el servicio HTTPS levantado.
Hello there! I could have sworn I’ve visited this website before
but after going through many of the articles I realized it’s new to me.
Regardless, I’m definitely pleased I found it and I’ll be bookmarking it and checking back frequently!
A person necessarily help to make seriously posts I might state.
This is the first time I frequented your web page and so far?
I amazed with the analysis you made to make this
particular publish incredible. Great activity!
Hurrah! After all I got a website from where I be able to in fact take valuable
facts concerning my study and knowledge.
If some one desires expert view on the topic of blogging
then i recommend him/her to visit this weblog, Keep up the pleasant job.
I think this is one of the most vital info for me. And i’m glad reading your article.
But want to remark on few general things, The website style is wonderful, the articles is really great : D.
Good job, cheers
I every time used to study post in news papers but now as I am a user of internet so
from now I am using net for posts, thanks to web.
Here is my webpage :: judi online pakai pulsa
This post is actually a good one it helps new internet viewers,
who are wishing in favor of blogging.
You actually make it appear really easy with your
presentation however I find this matter to be really one thing which I believe I’d by no means understand.
It seems too complex and very wide for me. I am taking a look forward to your next publish, I’ll try to get the dangle of it!
I’m really loving the theme/design of your weblog. Do
you ever run into any internet browser compatibility problems?
A number of my blog readers have complained about my blog not operating correctly in Explorer but looks great in Chrome.
Do you have any suggestions to help fix this problem?
Aw, this was an extremely nice post. Finding the time and actual effort to generate a really good
article… but what can I say… I hesitate a lot
and don’t manage to get nearly anything done.
Thanks , I’ve recently been looking for information about this subject for ages
and yours is the greatest I’ve came upon so far. But, what concerning the bottom line?
Are you positive about the source?
Hey There. I found your blog using msn. This is a really well written article.
I will be sure to bookmark it and come back to read more
of your useful info. Thanks for the post. I’ll certainly comeback.
Hey there! Quick question that’s completely off topic.
Do you know how to make your site mobile friendly?
My web site looks weird when viewing from my iphone 4.
I’m trying to find a theme or plugin that might be able to resolve this
issue. If you have any suggestions, please share.
Cheers!
bookmarked!!, I like your site!
I just could not leave your website before suggesting that I actually enjoyed the
standard information an individual supply for your guests?
Is gonna be again frequently in order to inspect new posts
When someone writes an piece of writing he/she keeps the image of a user
in his/her brain that how a user can be aware of it.
Therefore that’s why this article is outstdanding.
Thanks!
Heya! I realize this is kind of off-topic but I had to ask.
Does managing a well-established website like yours take a
massive amount work? I’m completely new to blogging
however I do write in my journal daily. I’d like to start a blog so I can easily
share my experience and views online. Please let me know if you have any kind
of ideas or tips for brand new aspiring blog owners.
Appreciate it!
Thanks for ones marvelous posting! I truly enjoyed reading
it, you might be a great author.I will be sure to bookmark your
blog and will often come back later on. I want to encourage one to
continue your great work, have a nice holiday
weekend!
My coder is trying to convince me to move to .net from PHP.
I have always disliked the idea because of the expenses.
But he’s tryiong none the less. I’ve been using WordPress on various websites for
about a year and am nervous about switching to another platform.
I have heard very good things about blogengine.net.
Is there a way I can transfer all my wordpress posts into it?
Any help would be really appreciated!
I am curious to find out what blog platform you happen to
be working with? I’m experiencing some small security problems with my
latest blog and I would like to find something more risk-free.
Do you have any recommendations?
My programmer is trying to convince me to move
to .net from PHP. I have always disliked the idea because of the costs.
But he’s tryiong none the less. I’ve been using
WordPress on several websites for about a year and
am nervous about switching to another platform.
I have heard excellent things about blogengine.net.
Is there a way I can transfer all my wordpress content into it?
Any kind of help would be greatly appreciated!
Very great post. I simply stumbled upon your weblog and wanted to mention that I’ve really loved surfing around your blog posts.
After all I will be subscribing on your feed and
I’m hoping you write once more soon!
Howdy! This is kind of off topic but I need some help from an established blog.
Is it very difficult to set up your own blog? I’m not very techincal but I can figure
things out pretty quick. I’m thinking about creating my own but I’m not sure where to
start. Do you have any points or suggestions? Thanks
Hello there, just became aware of your blog through Google, and found that it
is really informative. I’m gonna watch out for
brussels. I’ll appreciate if you continue this in future. Numerous people
will be benefited from your writing. Cheers!
I couldn’t resist commenting. Exceptionally well written!
Have you ever considered about including a little bit more than just your
articles? I mean, what you say is important and everything.
However just imagine if you added some great pictures or video clips to give
your posts more, «pop»! Your content is excellent but with images and
videos, this blog could certainly be one of the very best in its field.
Superb blog!
Hey I know this is off topic but I was wondering if you knew of any
widgets I could add to my blog that automatically tweet my newest twitter updates.
I’ve been looking for a plug-in like this for quite some time and was hoping
maybe you would have some experience with something like this.
Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.
Wow! At last I got a weblog from where I know how
to truly take useful information regarding my study and knowledge.
Thanks to my father who shared with me on the topic of this webpage, this weblog
is truly remarkable.
It’s the best time to make some plans for the future and it’s time to be happy.
I have learn this put up and if I may I wish to recommend you
some fascinating issues or tips. Maybe you can write next articles referring
to this article. I want to learn even more issues
about it!
Quality articles or reviews is the key to attract the people to
go to see the web site, that’s what this web page is providing.
Thanks in support of sharing such a nice thinking, post is fastidious, thats why
i have read it fully
Keep on writing, great job!
Hi! Quick question that’s completely off topic. Do you know how to make your site mobile friendly?
My website looks weird when browsing from my iphone. I’m trying to find a
theme or plugin that might be able to fix this problem.
If you have any recommendations, please share.
Thank you!
Woah! I’m really enjoying the template/theme of this blog.
It’s simple, yet effective. A lot of times it’s difficult to get that «perfect balance»
between usability and visual appeal. I must say you’ve done a excellent job with this.
In addition, the blog loads extremely quick for me on Opera.
Outstanding Blog!
Hmm is anyone else having problems with the pictures on this blog loading?
I’m trying to determine if its a problem on my end or if it’s the blog.
Any feed-back would be greatly appreciated.
Look at my web site – seputaranime.com
We’re a group of volunteers and starting a new scheme in our community.
Your web site offered us with useful information to work on. You have performed an impressive process and our whole community will likely be thankful
to you.
Have you ever considered about adding a little bit
more than just your articles? I mean, what you say is important and all.
Nevertheless think of if you added some great graphics or video clips to give your posts more, «pop»!
Your content is excellent but with pics and videos,
this website could certainly be one of the very best in its
niche. Very good blog!
Hmm is anyone else encountering problems with the pictures
on this blog loading? I’m trying to determine if its a problem on my end or if it’s
the blog. Any suggestions would be greatly appreciated.
I loved as much as you will receive carried out right
here. The sketch is attractive, your authored material stylish.
nonetheless, you command get got an impatience over that you wish be delivering the following.
unwell unquestionably come further formerly
again since exactly the same nearly very often inside case you shield this hike.
Hi there, I enjoy reading all of your article.
I like to write a little comment to support you.
Your style is unique compared to other folks I have read stuff from.
I appreciate you for posting when you’ve got the opportunity, Guess I will just book
mark this page.
What’s up, I wish for to subscribe for this webpage to take newest updates, thus where can i do it please help.
I like the helpful info you provide in your articles.
I’ll bookmark your blog and check again here regularly.
I’m quite certain I will learn a lot of new stuff right here!
Best of luck for the next!
Here is my homepage: https://themesaja.com/
It’s appropriate time to make some plans for the future and it’s time
to be happy. I’ve learn this publish and if I could I want to recommend
you few interesting issues or suggestions. Perhaps you could write next articles regarding this article.
I desire to learn more things approximately it!
Hello, I enjoy reading through your post. I like to write a little comment to
support you.
Look at my web page … videoaduayam.com
It is the best time to make some plans for the future and it’s time to be happy.
I’ve read this post and if I could I desire to suggest you some interesting things or tips.
Maybe you can write next articles referring to this article.
I want to read even more things about it!
Great beat ! I wish to apprentice while you amend your website,
how could i subscribe for a blog site? The account helped me a acceptable deal.
I had been a little bit acquainted of this your broadcast offered bright clear idea
Pretty nice post. I just stumbled upon your weblog and wished to say that I have really enjoyed surfing around your
blog posts. After all I will be subscribing to your feed and I hope you write again soon!
Hmm it seems like your website ate my first comment (it was extremely long)
so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your
blog. I too am an aspiring blog blogger but I’m still new
to everything. Do you have any tips and hints for
inexperienced blog writers? I’d really appreciate it.