Connectrix B-Series: How do you enable HTTPS/SSL on a Fabric OS based switch?
摘要: How to easily enable HTTPS/SSL on a Brocade Fabric OS based switch.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
說明
Answer: Example
1) Delete all existing keys with the following command: seccertutil delkey
Example:
> seccertutil delkey
Deleting the key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y
2) Generate new keys and select either 1024 or 2048 key size at the prompt with the following command: seccertutil genkey
Example:
>seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done.
3) Generate a new CSR completing the prompts specific to the switch environment with the following command: seccertutil gencsr
Example:
> seccertutil gencsr Country Name (2 letter code, eg, US):US State or Province Name (full name, eg, California):Colorado Locality Name (eg, city name):Broomfield Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Customer Support Common Name (Fully Qualified Domain Name, or IP address):10.10.10.10 Generating CSR, file name is: 10.10.10.10.csr Done.
4) Export CSR to be used with CA (Certificate Authority) completing the prompts specific to the environment with the following command: seccertutil export
Example:
> seccertutil export Select protocol [ftp or scp]: scp Enter IP address: 10.10.10.1 Enter remote directory: localca/certin Enter Login Name: user user@10.10.10.1's password: Success: exported CSR [10.10.10.10.csr].
5) Generate certificate from CA in the PEM format.
6) Import certificate and enable https with the following command (this example is using scp, but can use ftp if necessary):
seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>
Make sure to properly substitute the values that are unique to the switch environment.
Example.
> seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user user@10.10.10.1's password: Success: imported certificate [10.10.10.10.pem]. Certificate file in configuration has been updated. Secure http has been enabled.
At this point, https will be enabled and active on the switch. No other commands are needed to activate.
1) Delete all existing keys with the following command: seccertutil delkey
Example:
> seccertutil delkey
Deleting the key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y
2) Generate new keys and select either 1024 or 2048 key size at the prompt with the following command: seccertutil genkey
Example:
>seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Continue (yes, y, no, n): [no] y Select key size [1024 or 2048]: 1024 Generating new rsa public/private key pair Done.
3) Generate a new CSR completing the prompts specific to the switch environment with the following command: seccertutil gencsr
Example:
> seccertutil gencsr Country Name (2 letter code, eg, US):US State or Province Name (full name, eg, California):Colorado Locality Name (eg, city name):Broomfield Organization Name (eg, company name):Brocade Organizational Unit Name (eg, department name):Customer Support Common Name (Fully Qualified Domain Name, or IP address):10.10.10.10 Generating CSR, file name is: 10.10.10.10.csr Done.
4) Export CSR to be used with CA (Certificate Authority) completing the prompts specific to the environment with the following command: seccertutil export
Example:
> seccertutil export Select protocol [ftp or scp]: scp Enter IP address: 10.10.10.1 Enter remote directory: localca/certin Enter Login Name: user user@10.10.10.1's password: Success: exported CSR [10.10.10.10.csr].
5) Generate certificate from CA in the PEM format.
6) Import certificate and enable https with the following command (this example is using scp, but can use ftp if necessary):
seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>
Make sure to properly substitute the values that are unique to the switch environment.
Example.
> seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user user@10.10.10.1's password: Success: imported certificate [10.10.10.10.pem]. Certificate file in configuration has been updated. Secure http has been enabled.
At this point, https will be enabled and active on the switch. No other commands are needed to activate.
產品
Connectrix B-Series Hardware文章屬性
文章編號: 000019087
文章類型: How To
上次修改時間: 08 10月 2024
版本: 3
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。