Connectrix B-Series: How do you enable HTTPS/SSL on a Fabric OS based switch?
Summary: How to easily enable HTTPS/SSL on a Brocade Fabric OS based switch.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Answer: Example
1) Delete all existing keys with the following command: seccertutil delkey
Example:
> seccertutil delkey
Deleting the key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y
2) Generate new keys and select either 1024 or 2048 key size at the prompt with the following command: seccertutil genkey
Example:
>seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done.
3) Generate a new CSR completing the prompts specific to the switch environment with the following command: seccertutil gencsr
Example:
> seccertutil gencsr Country Name (2 letter code, eg, US):US State or Province Name (full name, eg, California):Colorado Locality Name (eg, city name):Broomfield Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Customer Support Common Name (Fully Qualified Domain Name, or IP address):10.10.10.10 Generating CSR, file name is: 10.10.10.10.csr Done.
4) Export CSR to be used with CA (Certificate Authority) completing the prompts specific to the environment with the following command: seccertutil export
Example:
> seccertutil export Select protocol [ftp or scp]: scp Enter IP address: 10.10.10.1 Enter remote directory: localca/certin Enter Login Name: user user@10.10.10.1's password: Success: exported CSR [10.10.10.10.csr].
5) Generate certificate from CA in the PEM format.
6) Import certificate and enable https with the following command (this example is using scp, but can use ftp if necessary):
seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>
Make sure to properly substitute the values that are unique to the switch environment.
Example.
> seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user user@10.10.10.1's password: Success: imported certificate [10.10.10.10.pem]. Certificate file in configuration has been updated. Secure http has been enabled.
At this point, https will be enabled and active on the switch. No other commands are needed to activate.
1) Delete all existing keys with the following command: seccertutil delkey
Example:
> seccertutil delkey
Deleting the key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y
2) Generate new keys and select either 1024 or 2048 key size at the prompt with the following command: seccertutil genkey
Example:
>seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done.
3) Generate a new CSR completing the prompts specific to the switch environment with the following command: seccertutil gencsr
Example:
> seccertutil gencsr Country Name (2 letter code, eg, US):US State or Province Name (full name, eg, California):Colorado Locality Name (eg, city name):Broomfield Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Customer Support Common Name (Fully Qualified Domain Name, or IP address):10.10.10.10 Generating CSR, file name is: 10.10.10.10.csr Done.
4) Export CSR to be used with CA (Certificate Authority) completing the prompts specific to the environment with the following command: seccertutil export
Example:
> seccertutil export Select protocol [ftp or scp]: scp Enter IP address: 10.10.10.1 Enter remote directory: localca/certin Enter Login Name: user user@10.10.10.1's password: Success: exported CSR [10.10.10.10.csr].
5) Generate certificate from CA in the PEM format.
6) Import certificate and enable https with the following command (this example is using scp, but can use ftp if necessary):
seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>
Make sure to properly substitute the values that are unique to the switch environment.
Example.
> seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user user@10.10.10.1's password: Success: imported certificate [10.10.10.10.pem]. Certificate file in configuration has been updated. Secure http has been enabled.
At this point, https will be enabled and active on the switch. No other commands are needed to activate.
Products
Connectrix B-Series HardwareArticle Properties
Article Number: 000019087
Article Type: How To
Last Modified: 08 Oct 2024
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.