How to Enable Brocade Web Tools | Arkit

We have recently installed Brocade G620 SAN Switch in new data center and we completed the setup by connecting serial console cable. Initial setup was completed successfully however when we are trying to launch the Web Tools (http://switch-ip) nothing happens. So we found the solution after searching so many web sites. Let’s see how to enable brocade web tools.

How to Enable Brocade Web Tools with HTTPS

Login to brocade SAN switch using SSH (Putty) as root user, if you login as Admin account it wont work.

Check HTTPS is enabled or not

:admin> seccertmgmt show -all

ssh private key:
Exists

ssh public keys available for users:
None

Certificate Files:
———————————————————-
Protocol Client CA Server CA SW CSR PVT Key Passphrase
———————————————————-
FCAP Empty NA Empty Empty Empty Empty
RADIUS Empty Empty Empty Empty Empty NA
LDAP Empty Empty Empty Empty Empty NA
SYSLOG Empty Empty Empty Empty Empty NA
HTTPS NA  Empty Empty Empty Empty NA

as shown in above command output HTTPS is not enabled.

Now generate local SSL certificate and enable the HTTPS to access Web Tools

Change directory path to /etc/fabos/certs/sw0 then generate certs

default:GID228:root>cd /etc/fabos/certs/sw0

default:GID228:root>pwd
/etc/fabos/certs/sw0

default:GID228:root> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.

Warning: Key-pair generation is CPU intensive and can cause high CPU usage

Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048 or 4096 or 8192]: 2048
Generating new rsa public/private key pair
Done.

default:GID228:root> ls
pvt_key

default:GID228:root> seccertutil gencsr
Input hash type (sha1 or sha256): sha1
Country Name (2 letter code, eg, US):US
State or Province Name (full name, eg, California):California
Locality Name (eg, city name):Sunnyvale
Organization Name (eg, company name):TechArkit
Organizational Unit Name (eg, department name):IT
Common Name (Fully qualified Domain Name, or IP address):192.168.1.102
Generating CSR, file name is: 192.168.1.102.csr
Done.

Now generate PEM file using above CSR file

default:GID228:root> openssl
OpenSSL> x509 -req -days 9999 -sha1 -in /etc/fabos/certs/sw0/192.168.1.102.csr -signkey /etc/fabos/certs/sw0/pvt_key -out /tmp/192.168.1.102.pem
Signature ok
subject=/C=US/ST=California/L=Sunnyvale/O=TechArkit/OU=IT/CN=192.168.1.102
Getting Private key

Verify file is generated on specified location

default:GID228:root> ls /tmp |grep pem
192.168.1.102.pem zoneFileData_0

Now import the certificates to switch configuration

default:GID228:root> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.1.102
Enter remote directory: /tmp
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.1.102.pem
Enter Login Name: root
root@192.168.1.102's password:
Please import CA certificate before importing switch certificate.

While importing if you receive above message then import the CA cert first then import switch cert

default:GID228:root> seccertmgmt import -ca -server https
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.1.102
Enter remote directory: /tmp
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.1.102.pem
Enter Login Name: root
root@192.168.1.102's password:
Success: imported https certificate [192.168.1.102.pem].
Certificate file in configuration has been updated.
default:GID228:root> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.1.102
Enter remote directory: /tmp
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.1.102.pem
Enter Login Name: root
root@192.168.1.102's password:
Success: imported certificate [192.168.1.102.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.

After importing the certs properly verify HTTPS is enabled or not

default:GID228:root> seccertmgmt show -all

ssh private key:
Exists

ssh public keys available for users:
None

Certificate Files:
--------------------------------------------------------
Protocol Client CA Server CA SW CSR PVT Key Passphrase
--------------------------------------------------------
FCAP Empty NA Empty Empty Empty Empty
RADIUS Empty Empty Empty Empty Empty NA
LDAP Empty Empty Empty Empty Empty NA
SYSLOG Empty Empty Empty Empty Empty NA
HTTPS NA Exist Exist Exist Exist NA

That’s it, now you access the Web Tools from browser https://switch-ip

IBM v7000 Limitations

All NetApp Articles

Thanks for your wonderful Support and Encouragement