Contributor
Posts: 39
Registered: 02-14-2006

FabOS and creating a Self-Signed Certificate

Hi,

Has anyone tried to create a self-signed certificate based on a switch .CSR file?

I want to self-sign the file without an official CA.

Any ideas?

Kind regards,

Chris

Frequent Visitor
Posts: 1
Registered: 05-16-2007

Re: FabOS and creating a Self-Signed Certificate

Brocade Support does not provide detailed information on the entire process. They leave you to figure out a lot of the details, which is very disappointing.

If you have a Windows 2008 R2 Certificate Authority setup, I have confirmed the following works:

Note: Change the IP address to reflect your SAN switch

* Run the following commands (Note: Change the localization info for the CSR to reflect your organization.)

seccertutil genkey -nowarn -keysize 1024
seccertutil gencsr -country "US" -state "Florida" -locality "Fort Myers" -org "ABC Corp" -orgunit "IT" -cn 192.168.1.20
seccertutil showcsr

***** ***** ***** ***** *****

* From the output of the "seccertutil showcsr", copy the CRL info at the bottom of the output.
* It must start with the BEGIN line listed below and end with the END line listed below.

-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

* Save this to a text file named "192.168.1.20.txt".
* Copy this text file to your Windows Server 2008 R2 Certificate Authority Server.

***** ***** ***** ***** *****

* Open a command prompt as Administrator.
* In the command prompt, run the command below.

certreq -submit -attrib CertificateTemplate:WebServer

* During the command execution browse and select your "192.168.1.20.txt" text file.
* You will be prompted for the Certificate Server, select your server.
* You will be prompted to save the certificate, save it as "192.168.1.20.cer"
* Copy this file to your Local PC in your ftp folder.

***** ***** ***** ***** *****

* Open the certificate in your ftp folder.
* Click the "Details" tab.
* Click the "Copy to File..." button.
* Click the "Next >" button.
* Select "DER encoded binary X.509 (.CER)".
* Click the "Next >" button.
* Save the file as "SANCERT.192.168.1.20.cer" to your ftp folder.


***** ***** ***** ***** *****

* Run the following command

seccertutil import -config swcert -enable https

* Make sure you choose the "SANCERT.192.168.1.20.cer" file.
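
The original question asks about signing the CSR without an official CA; the same flow as in the reply above (CSR, signed certificate, DER-encoded file for import) can be carried out with a private OpenSSL CA. This is an added example, not part of either post and not Brocade's documented procedure; the CA subject, the file layout and the locally generated 2048-bit stand-in CSR are assumptions made so that it runs without a switch.

```shell
#!/bin/sh
# Added example: sign a FabOS-style CSR with a private OpenSSL CA, emit DER.
# File names, the CA subject and the stand-in CSR are constructed for illustration.
set -eu

# Create a throwaway private CA (key + self-signed root certificate) in dir $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=ABC Corp/CN=Example Lab Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Stand-in for the switch: on a real switch the CSR is the showcsr text and
# the private key never leaves the device.
make_standin_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/switch.key" \
        -subj "/C=US/ST=Florida/L=Fort Myers/O=ABC Corp/OU=IT/CN=192.168.1.20" \
        -out "$1/192.168.1.20.txt" 2>/dev/null
}

# Print the public-key size in bits of the CSR in file $1.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Sign CSR $2 with the CA in dir $1; write PEM to $3 and DER to $4.
sign_csr() {
    openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -out "$3" 2>/dev/null
    openssl x509 -in "$3" -outform DER -out "$4"
}

# Check that DER certificate $2 chains to the CA in dir $1; print its subject.
check_der() {
    openssl x509 -inform DER -in "$2" -out "$2.pem"
    openssl verify -CAfile "$1/ca.pem" "$2.pem" >/dev/null
    openssl x509 -in "$2.pem" -noout -subject
}

work=$(mktemp -d)
make_ca "$work"
make_standin_csr "$work"
echo "CSR key size: $(csr_bits "$work/192.168.1.20.txt") bits"
sign_csr "$work" "$work/192.168.1.20.txt" \
    "$work/192.168.1.20.cer" "$work/SANCERT.192.168.1.20.cer"
check_der "$work" "$work/SANCERT.192.168.1.20.cer"
```

Browsers and management hosts that connect to the switch need `ca.pem` in their trust store for the certificate to validate.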
