Welcome to Dell EMC Connectrix Brocade B-Series.
How to enable HTTPS Web Tools GUI access on Brocade switches with self-signed certificates in Fabric OS 8.0.x and lower. Reference: Dell EMC knowledge base article number 333045.
This video demonstrates how to enable HTTPS Web Tools GUI access on Brocade switches with a self-signed certificate in Fabric OS 8.0.x and lower. Web Tools can be accessed via both HTTP and HTTPS. HTTP by default uses plain text for communication, which is not secure and can be sniffed by any attacker.
Conversely, HTTPS uses an SSL (Secure Sockets Layer) certificate to encrypt the data between the switch and the browser. Note that in HTTPS, the actual data is wrapped by an encryption layer and can only be decrypted by the parties using the appropriate certificate. Hence, even if the data is sniffed, it can't be read by an attacker. HTTPS access for the Web Tools GUI can only be activated with a correct certificate.
Instead of getting an official one from a certificate authority or third-party company, you can create a self-signed certificate for internal usage. Before you begin, make sure all the prerequisites mentioned in the slide are met. The principle of generating the self-signed certificate is to create the PEM file, which will then be imported into the switch.
In this example, we will use the easiest solution and generate the key on the switch. This procedure has to be done by the root user. Note that this needs root user access; caution is advised, as wrong use of root user access may render the switch unusable. Log into the switch via SSH/telnet.
Check the firmware version running on the switch, as this procedure is used for Fabric OS version 8.0.x and lower. The HTTPS certificate does not exist on this switch. This was tested by logging into the Web Tools of the switch with HTTPS using Internet Explorer.
The Web Tools failed to launch with the error "cannot reach this page". We now go ahead and generate the HTTPS certificate on the switch. Change the directory to /etc/fabos/certs/sw0. Check that you are in the correct directory with the command pwd. Check if there is anything in the directory; if there is, for example old CSR and PEM files, they can be removed with the command "rm filename". Use the command seccertutil to generate the public/private key pair on the switch in interactive mode. Enter yes to continue. Enter the key size.
The key pair has been successfully generated. Check if the key is present in the directory. Generate the CSR (certificate signing request) file in interactive mode. Key in the hash type, country name, state or province name, locality name, organization name, organizational unit name, and IP address of the switch. The CSR file has been successfully generated. Check if the file is created in the directory. Launch the OpenSSL shell. Generate the self-signed key and the PEM (Privacy Enhanced Mail) file. Note that this will create the file in the /temp directory on the switch.
The x509 command might have different arguments in different versions of FOS, but the principle is the same. Here we convert the certificate to the .pem extension and store it in the /temp directory on the switch. Type exit to get out of the OpenSSL shell. Check if the file is in the /temp directory. Import the PEM file stored in the /temp directory on the switch with SCP (secure copy protocol) and enable HTTPS. Select "Protocol".
Enter the IP address of the switch. Get into the /temp directory. Enter the certificate name. Enter the switch credentials. The HTTPS certificate has been successfully created on the switch. Log into the Web Tools of the switch with HTTPS by keying in the IP address of the switch in Internet Explorer.
We are now able to launch the Web Tools for the switch. Log into the Web Tools using the root or the admin credentials. Please refer to the following online resources. Thank you for watching.
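
The same three stages the video walks through (key pair, CSR, self-signed PEM), as an added example run with OpenSSL on an admin workstation rather than on the switch; it is not from the video or the Dell EMC article. The file names, subject fields, 2048-bit key size and the address 192.0.2.10 are constructed, and the checks (issuer equals subject, certificate matches key, SHA-256 fingerprint) are additions for confirming which certificate the browser is later shown.

```shell
#!/bin/sh
# Added example, workstation-side. All names and values are constructed.

# Stage 1-3: private key -> CSR -> self-signed PEM certificate.
make_self_signed() {
    dir=$1; cn=$2; bits=$3
    openssl genrsa -out "$dir/sw.key" "$bits" 2>/dev/null &&
    openssl req -new -sha256 -key "$dir/sw.key" \
        -subj "/C=US/ST=Example/L=Example/O=Example Org/OU=SAN/CN=$cn" \
        -out "$dir/sw.csr" &&
    openssl x509 -req -sha256 -days 365 -in "$dir/sw.csr" \
        -signkey "$dir/sw.key" -out "$dir/sw.pem" 2>/dev/null
}

# A self-signed certificate names itself as issuer: compare the name hashes.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null)
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# The certificate is only usable with the key whose public half it carries.
key_matches_cert() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Fingerprint to record and compare with the one the browser warning displays.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run in a scratch directory.
work=$(mktemp -d)
if make_self_signed "$work" 192.0.2.10 2048 &&
   is_self_signed "$work/sw.pem" &&
   key_matches_cert "$work/sw.pem" "$work/sw.key"; then
    echo "self-signed, key matches, SHA-256 $(fingerprint "$work/sw.pem")"
fi
rm -rf "$work"
```

Because no certificate authority vouches for a self-signed certificate, comparing the recorded fingerprint against the one the browser reports is what ties the HTTPS session to this particular switch.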