03-14-2013 02:57 AM
We have generated the SSL, via the setup followed as recommended by HDS & Brocade
Then, we have generated a certificate signing request
export the csr file to a server so we can send off to IT.secure to get the cert certified
seccertutil export -protocol scp -ipaddr yy.yy.yy.yy-remotedir /home/brocade/ -login uxxxxx
(yy.yy.yy.yy : ip address of a server, xx.xx.xx.xx: ip address of the switch)
IT Secure certified the Certificates. there are 3 files: xx.xx.xx.xx.pem, RootCA.crt and SubnewCA.crt (The root (trusted) and sub (intermediate) certificates)
Root (trusted) : Verisign Root CA.crt
Sub (intermediate) : Verisign primary intermediate.crt
Verisign Secondary Intermediate.crt
For internally signed certificates:
Root (trusted): RootCA.crt
Sub (intermediate): SubCANew.crt
We then renamed the xx.xx.xx.xx.crt as xx.xx.xx.xx.pem and imported the Certificate from the server to the swith via the command
seccertutil import -config swcert -enable https -protocol scp -ipaddr yy.yy.yy.yy -remotedir /home/brocade/ -certname xx.xx.xx.xx.pem -login uxxxxx
The certificate installed successfully.
However, when going to our IE Browser, and type https://xx.xx.xx.xx, the certificates appears as untrusted.
RootCA.crt is already certified in our company on avaery workstation as Certified XP Desktop Server.
We tried to concatenate the 3 certs in 1 file and imported successfully, but no joy, our access to the switch is still untrusted.
Any idea on what we could have missed ?