Fibre Channel (SAN)

Reply
Occasional Contributor
Posts: 11
Registered: ‎03-19-2007

SSL Certificate requests

I'm looking to enable HTTPS on our SAN switches and I know I need a signed certificate from a valid certificate authority.  We have a Windows server here that we use for our CA.  However, Windows CA doesn't like the *.csr files that the switches generate.  Is the *.csr the only format that the SAN switches use?

Super Contributor
Posts: 644
Registered: ‎03-01-2007

Re: SSL Certificate requests

"seccertutil" command

Occasional Contributor
Posts: 11
Registered: ‎03-19-2007

Re: SSL Certificate requests

Apologies, I wasn't as clear as I could be in my original message.

1.  I know how to generate a Certificate Signing Request (*.csr) using the seccertutil command on the SAN switches I manage.

2.  I know how to export a *.csr to a server/workstation using the seccertutil command.

3.  I know how to import a valid response from a Certificate Authority into the SAN switches I manage.

My question was meant to be "Can the seccertutil generate Certificate Signing Requests in another format that is compatible with a Windows server that is set up to be a Certificate Authority?"

I'm asking about this because the Windows Certificate Authority we have onsite rejects the *.csr files that the SAN switches generate as being "corrupt".

I have verified that the *.csr is good on a Linux box by using OpenSSL as a CA and generating a *.pem (Privacy Enhanced Mail) file.  Our development SAN switches imported the *.pem file without a problem and allowed HTTPS to be activated.

We're not using Linux in our production environment and our network security wants us to use the Windows CA for signing the certificates for our production SAN switches.

Super Contributor
Posts: 644
Registered: ‎03-01-2007

Re: SSL Certificate requests

--->>>We're not using Linux in our production environment....

If you don't use Linux in your Environments is another story, this not make any change that the Brocade Switches Fabric OS is Linux based.

The only supported Certificate ( another is unknown to me ) in Fabric OS is csr.

I'm sorry, i don't know another way to import the Cert. in other format.

Occasional Contributor
Posts: 10
Registered: ‎07-20-2010

Re: SSL Certificate requests

Try exporting the certificate as a DER Encoded Binary x.509 file (.cer) if using a Windows server as the CA.

It worked for me, after it failed to import the same file exported using a different option.

Regular Contributor
Posts: 226
Registered: ‎01-08-2011

Re: SSL Certificate requests

Export seems to be the command you use with openssl to convert the certificate to another type:

openssl outputformat -export -in file -out file.new

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.