How to Enable Brocade Web Tools | Arkit
We recently installed a Brocade G620 SAN switch in a new data center and completed the setup over a serial console cable. The initial setup completed successfully, but when we tried to launch Web Tools (http://switch-ip) nothing happened. We found the solution after searching many web sites. Let's see how to enable Brocade Web Tools.
How to Enable Brocade Web Tools with HTTPS
Log in to the Brocade SAN switch over SSH (PuTTY) as the root user; if you log in with the Admin account it won't work.
Check whether HTTPS is enabled
:admin> seccertmgmt show -all
ssh private key:
Exists
ssh public keys available for users:
None
Certificate Files:
--------------------------------------------------------
Protocol  Client CA  Server CA  SW     CSR    PVT Key  Passphrase
--------------------------------------------------------
FCAP      Empty      NA         Empty  Empty  Empty    Empty
RADIUS    Empty      Empty      Empty  Empty  Empty    NA
LDAP      Empty      Empty      Empty  Empty  Empty    NA
SYSLOG    Empty      Empty      Empty  Empty  Empty    NA
HTTPS     NA         Empty      Empty  Empty  Empty    NA
As shown in the command output above, HTTPS is not enabled.
Now generate a local SSL certificate and enable HTTPS to access Web Tools.
Change to the /etc/fabos/certs/sw0 directory, then generate the certs.
default:GID228:root>cd /etc/fabos/certs/sw0
default:GID228:root>pwd
/etc/fabos/certs/sw0
default:GID228:root> seccertutil genkey
Generating a new key pair will automatically do the following:
1. Delete all existing CSRs.
2. Delete all existing certificates.
3. Reset the certificate filename to none.
4. Disable secure protocols.
Warning: Key-pair generation is CPU intensive and can cause high CPU usage
Continue (yes, y, no, n): [no] yes
Select key size [1024 or 2048 or 4096 or 8192]: 2048
Generating new rsa public/private key pair
Done.
default:GID228:root> ls
pvt_key
default:GID228:root> seccertutil gencsr
Input hash type (sha1 or sha256): sha1
Country Name (2 letter code, eg, US):US
State or Province Name (full name, eg, California):California
Locality Name (eg, city name):Sunnyvale
Organization Name (eg, company name):TechArkit
Organizational Unit Name (eg, department name):IT
Common Name (Fully qualified Domain Name, or IP address):192.168.1.102
Generating CSR, file name is: 192.168.1.102.csr
Done.
Now generate the PEM file from the CSR file created above.
default:GID228:root> openssl
OpenSSL> x509 -req -days 9999 -sha1 -in /etc/fabos/certs/sw0/192.168.1.102.csr -signkey /etc/fabos/certs/sw0/pvt_key -out /tmp/192.168.1.102.pem
Signature ok
subject=/C=US/ST=California/L=Sunnyvale/O=TechArkit/OU=IT/CN=192.168.1.102
Getting Private key
Verify that the file was generated in the specified location.
default:GID228:root> ls /tmp |grep pem
192.168.1.102.pem
zoneFileData_0
Now import the certificates into the switch configuration.
default:GID228:root> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.1.102
Enter remote directory: /tmp
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.1.102.pem
Enter Login Name: root
root@192.168.1.102's password:
Please import CA certificate before importing switch certificate.
If you receive the above message while importing, import the CA cert first, then import the switch cert.
default:GID228:root> seccertmgmt import -ca -server https
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.1.102
Enter remote directory: /tmp
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.1.102.pem
Enter Login Name: root
root@192.168.1.102's password:
Success: imported https certificate [192.168.1.102.pem].
Certificate file in configuration has been updated.
default:GID228:root> seccertutil import -config swcert -enable https
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.1.102
Enter remote directory: /tmp
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):192.168.1.102.pem
Enter Login Name: root
root@192.168.1.102's password:
Success: imported certificate [192.168.1.102.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
After importing the certs, verify whether HTTPS is enabled.
default:GID228:root> seccertmgmt show -all
ssh private key:
Exists
ssh public keys available for users:
None
Certificate Files:
--------------------------------------------------------
Protocol  Client CA  Server CA  SW     CSR    PVT Key  Passphrase
--------------------------------------------------------
FCAP      Empty      NA         Empty  Empty  Empty    Empty
RADIUS    Empty      Empty      Empty  Empty  Empty    NA
LDAP      Empty      Empty      Empty  Empty  Empty    NA
SYSLOG    Empty      Empty      Empty  Empty  Empty    NA
HTTPS     NA         Exist      Exist  Exist  Exist    NA
That's it. You can now access Web Tools from a browser at https://switch-ip
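The before/after check on the HTTPS row of `seccertmgmt show -all` can be scripted so that a half-finished import is not mistaken for a finished one. This is an added example, not part of the original post: the function name `https_cert_state`, the state labels and the partial row are assumptions made for illustration, and it is meant to run on an admin workstation against saved command output.

```shell
# Added example (not from the original post). Column order follows the
# table header shown on this page:
#   Protocol | Client CA | Server CA | SW | CSR | PVT Key | Passphrase

# Reads `seccertmgmt show -all` output on stdin and prints the HTTPS state.
# Exit status is 0 only when Server CA, SW cert, CSR and private key all exist.
https_cert_state() {
    awk '
        $1 == "HTTPS" && NF == 7 {
            found = 1
            name[3] = "server-ca"; name[4] = "switch-cert"
            name[5] = "csr";       name[6] = "private-key"
            for (i = 3; i <= 6; i++) {
                if ($i == "Exist") {
                    have++
                } else {
                    sep = (missing == "") ? "" : ","
                    missing = missing sep name[i]
                }
            }
        }
        END {
            if (!found)    { print "no-https-row"; exit 1 }
            if (have == 4) { print "complete"; exit 0 }
            if (have == 0) { print "empty"; exit 1 }
            print "partial missing=" missing
            exit 1
        }'
}

# HTTPS rows as printed on this page before and after the import steps.
ROW_BEFORE='HTTPS NA Empty Empty Empty Empty NA'
ROW_AFTER='HTTPS NA Exist Exist Exist Exist NA'
# Constructed row (assumption): CA imported, switch certificate still missing.
ROW_PARTIAL='HTTPS NA Exist Empty Exist Exist NA'

for row in "$ROW_BEFORE" "$ROW_PARTIAL" "$ROW_AFTER"; do
    printf '%s\n' "$row" | https_cert_state || true
done
```

The whole saved output can be piped in as well, since only the HTTPS row is examined.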