How to Easily Enable HTTPS/SSL on a Brocade Fabric OS Based Switch with CA

Objective

This article helps a customer or local engineer enable HTTPS/SSL on a Brocade Fabric OS based switch to meet a security requirement.

Environment

  • Brocade Fabric OS
  • Fabric OS below 8.2.x

Procedure

1) Delete all existing keys with the following command: seccertutil delkey
   Example:
     > seccertutil delkey

      Deleting the key pair will automatically do the following:
      1. Delete all existing CSRs.
      2. Delete all existing certificates.
      3. Reset the certificate filename to none.
      4. Disable secure protocols.

      Continue (yes, y, no, n): [no] y

2) Generate new keys, selecting a key size of either 1024 or 2048 at the prompt, with the following command: seccertutil genkey
   Example:
     > seccertutil genkey

      Generating a new key pair will automatically do the following:
      1. Delete all existing CSRs.
      2. Delete all existing certificates.
      3. Reset the certificate filename to none.
      4. Disable secure protocols.

      Continue (yes, y, no, n): [no] y
      Select key size [1024 or 2048]: 1024
      Generating new rsa public/private key pair
      Done.

3) Generate a new CSR, completing the prompts specific to the switch environment, with the following command: seccertutil gencsr
   Example:
     > seccertutil gencsr
      Country Name (2 letter code, eg, US):US
      State or Province Name (full name, eg, California):Colorado
      Locality Name (eg, city name):Broomfield
      Organization Name (eg, company name):Brocade
      Organizational Unit Name (eg, department name):Customer Support
      Common Name (Fully qualified Domain Name, or IP address):10.10.10.10
      Generating CSR, file name is: 10.10.10.10.csr
      Done.

4) Export the CSR for use with the CA (Certificate Authority), completing the prompts specific to the environment, with the following command: seccertutil export
   Example:
     > seccertutil export
      Select protocol [ftp or scp]: scp
      Enter IP address: 10.10.10.1
      Enter remote directory: localca/certin
      Enter Login Name: user
      user@10.10.10.1's password:
      Success: exported CSR [10.10.10.10.csr].

5) Generate the certificate from the CA in PEM format.
6) Import the certificate and enable HTTPS with the following command (this example uses scp, but ftp can be used if necessary):

seccertutil import -config swcert -enable https -protocol scp -ipaddr <IP of SCP server> -remotedir <directory where cert is located> -certname <cert_name.pem> -login <username>

Make sure to properly substitute the values that are unique to the switch environment.

     Example:
     > seccertutil import -config swcert -enable https -protocol scp -ipaddr 10.10.10.1 -remotedir localca/certout -certname 10.10.10.10.pem -login user
     user@10.10.10.1's password:
     Success: imported certificate [10.10.10.10.pem].
     Certificate file in configuration has been updated.
     Secure http has been enabled.

 

Additional Notes

Make sure the certificate is in PEM format when importing, rather than .cer or .cert.
From release notes 8.1.0:
secCertMgmt Command
FOS v8.1.0 introduces a new CLI command secCertMgmt to provide consistency and uniformity of certificate management for various security protocols. This command is planned as a replacement of the existing secCertUtil command.
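
A pre-import check for steps 5 and 6 and for the PEM note above, as an added example that is not part of the original article or of Brocade's tooling. Run on the CA or SCP host, it converts a DER-encoded certificate to PEM, confirms the certificate carries the public key of the CSR exported in step 4, and reports the key size. It assumes the OpenSSL CLI is installed; the function names and script arguments are illustrative.

```shell
#!/bin/sh
# Added example: pre-import checks for a CA-issued switch certificate.
# Run on the CA/SCP host, not on the switch. Assumes the OpenSSL CLI is
# installed; function names and arguments are illustrative.

# Print the encoding of certificate file $1: pem, der or unknown.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null; then
        echo pem
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo der
    else
        echo unknown
    fi
}

# Write a PEM copy of certificate $1 to $2, converting from DER if needed.
to_pem() {
    case "$(cert_encoding "$1")" in
        pem) openssl x509 -in "$1" -inform PEM -outform PEM -out "$2" ;;
        der) openssl x509 -in "$1" -inform DER -outform PEM -out "$2" ;;
        *)   echo "error: $1 is not an X.509 certificate" >&2; return 1 ;;
    esac
}

# Succeed only if certificate $1 carries the public key of CSR $2 (the
# .csr exported in step 4); a mismatch means the wrong file came back.
cert_matches_csr() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Print the public key size in bits (1024 or 2048 for keys from step 2).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Usage: sh precheck.sh <cert-from-CA> <exported.csr> <output.pem>
if [ "$#" -eq 3 ]; then
    if to_pem "$1" "$3" && cert_matches_csr "$3" "$2"; then
        echo "OK: $3 is PEM, matches $2, $(cert_key_bits "$3")-bit key"
    else
        echo "FAIL: do not import $1" >&2
        exit 1
    fi
fi
```

The resulting PEM file is the one to name in -certname in step 6.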

Solution ID
250312015948910
Last Modified Date
03/13/2025 05:13:00 AM