Connectrix B-Series: How do you enable HTTPS/SSL on a Fabric OS based switch?
Podsumowanie: How to easily enable HTTPS/SSL on a Brocade Fabric OS based switch.
Ten artykuł dotyczy
Ten artykuł nie dotyczy
Ten artykuł nie jest powiązany z żadnym konkretnym produktem.
Nie wszystkie wersje produktu zostały zidentyfikowane w tym artykule.
Instrukcje
Answer: Example
1) Delete all existing keys with the following command: seccertutil delkey
Example:
> seccertutil delkey
Deleting the key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y
2) Generate new keys and select either 1024 or 2048 key size at the prompt with the following command: seccertutil genkey
Example:
>seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done.
3) Generate a new CSR completing the prompts specific to the switch environment with the following command: seccertutil gencsr
Example:
> seccertutil gencsr Country Name (2 letter code, eg, US):US State or Province Name (full name, eg, California):Colorado Locality Name (eg, city name):Broomfield Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Customer Support Common Name (Fully Qualified Domain Name, or IP address):10.10.10.10 Generating CSR, file name is: 10.10.10.10.csr Done.
4) Export CSR to be used with CA (Certificate Authority) completing the prompts specific to the environment with the following command: seccertutil export
Example:
> seccertutil export Select protocol [ftp or scp]: scp Enter IP address: 10.10.10.1 Enter remote directory: localca/certin Enter Login Name: user user@10.10.10.1's password: Success: exported CSR [10.10.10.10.csr].
5) Generate certificate from CA in the PEM format.
6) Import certificate and enable https with the following command (this example is using scp, but can use ftp if necessary):
seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>
Make sure to properly substitute the values that are unique to the switch environment.
Example.
> seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user user@10.10.10.1's password: Success: imported certificate [10.10.10.10.pem]. Certificate file in configuration has been updated. Secure http has been enabled.
At this point, https will be enabled and active on the switch. No other commands are needed to activate.
1) Delete all existing keys with the following command: seccertutil delkey
Example:
> seccertutil delkey
Deleting the key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y
2) Generate new keys and select either 1024 or 2048 key size at the prompt with the following command: seccertutil genkey
Example:
>seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done.
3) Generate a new CSR completing the prompts specific to the switch environment with the following command: seccertutil gencsr
Example:
> seccertutil gencsr Country Name (2 letter code, eg, US):US State or Province Name (full name, eg, California):Colorado Locality Name (eg, city name):Broomfield Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Customer Support Common Name (Fully Qualified Domain Name, or IP address):10.10.10.10 Generating CSR, file name is: 10.10.10.10.csr Done.
4) Export CSR to be used with CA (Certificate Authority) completing the prompts specific to the environment with the following command: seccertutil export
Example:
> seccertutil export Select protocol [ftp or scp]: scp Enter IP address: 10.10.10.1 Enter remote directory: localca/certin Enter Login Name: user user@10.10.10.1's password: Success: exported CSR [10.10.10.10.csr].
5) Generate certificate from CA in the PEM format.
6) Import certificate and enable https with the following command (this example is using scp, but can use ftp if necessary):
seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>
Make sure to properly substitute the values that are unique to the switch environment.
Example.
> seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user user@10.10.10.1's password: Success: imported certificate [10.10.10.10.pem]. Certificate file in configuration has been updated. Secure http has been enabled.
At this point, https will be enabled and active on the switch. No other commands are needed to activate.
Produkty
Connectrix B-Series HardwareWłaściwości artykułu
Numer artykułu: 000019087
Typ artykułu: How To
Ostatnia modyfikacja: 08 paź 2024
Wersja: 3
Znajdź odpowiedzi na swoje pytania u innych użytkowników produktów Dell
Usługi pomocy technicznej
Sprawdź, czy Twoje urządzenie jest objęte usługą pomocy technicznej.