Fibre Channel (SAN)

Contributor
Posts: 39
Registered: ‎02-14-2006

FabOS and creating a Self-Signed Certificate

Hi,

Has anyone tried to create a self-signed certificate based on a switch .CSR file?

I want to self-sign the file without an official CA.

Any ideas?

Kind regards,

Chris

Frequent Visitor
Posts: 1
Registered: ‎05-16-2007

Re: FabOS and creating a Self-Signed Certificate

Brocade Support does not provide detailed information on the entire process. They leave you to figure out a lot of the details, which is very disappointing.

If you have a Windows 2008 R2 Certificate Authority setup, I have confirmed the following works:

Note: Change the IP address to reflect your SAN switch

* Run the following commands (Note: Change the localization info for the CSR to reflect your organization.)

seccertutil genkey -nowarn -keysize 1024
seccertutil gencsr -country "US" -state "Florida" -locality "Fort Myers" -org "ABC Corp" -orgunit "IT" -cn 192.168.1.20
seccertutil showcsr

***** ***** ***** ***** *****

* From the output of the "seccertutil showcsr", copy the CRL info at the bottom of the output.
* It must start with the BEGIN line listed below and end with the END line listed below.

-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

* Save this to a text file named "192.168.1.20.txt".
* Copy this text file to your Windows Server 2008 R2 Certificate Authority Server.

***** ***** ***** ***** *****

* Open a command prompt as Administrator.
* In the command prompt, run the command below.

certreq -submit -attrib CertificateTemplate:WebServer

* During the command execution browse and select your "192.168.1.20.txt" text file.
* You will be prompted for the Certificate Server, select your server.
* You will be prompted to save the certificate, save it as "192.168.1.20.cer"
* Copy this file to your Local PC in your ftp folder.

***** ***** ***** ***** *****

* Open the certificate in your ftp folder.
* Click the "Details" tab.
* Click the "Copy to File..." button.
* Click the "Next >" button.
* Select "DER encoded binary X.509 (.CER)".
* Click the "Next >" button.
* Save the file as "SANCERT.192.168.1.20.cer" to your ftp folder.


***** ***** ***** ***** *****

* Run the following command

seccertutil import -config swcert -enable https

* Make sure you choose the "SANCERT.192.168.1.20.cer" file.
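
For the original question (signing the switch's CSR without an official or Windows CA), here is an added example that is not part of either post and has not been tested against FabOS. It uses OpenSSL to create a private CA, sign the CSR, and write the DER-encoded file that the import step above selects. The CA name, the locally generated stand-in CSR and the subjectAltName entry are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): sign a switch CSR with a private CA.
set -eu
IP=192.168.1.20                      # switch address used in the thread
WORK=$(mktemp -d)
CSR="$WORK/$IP.txt"                  # the saved "seccertutil showcsr" block

# Constructed stand-in for the switch's CSR so the script runs offline.
# In real use, skip this and place the CSR text copied from the switch at $CSR.
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/switch.key" \
    -subj "/C=US/ST=Florida/L=Fort Myers/O=ABC Corp/OU=IT/CN=$IP" \
    -out "$CSR" 2>/dev/null
}

# One-time step: private root CA (hypothetical name). Protect ca.key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/O=ABC Corp/CN=ABC Corp Private SAN CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Check the CSR's own signature, issue the certificate, convert PEM to DER.
sign_csr() {
  openssl req -in "$CSR" -noout -verify 2>/dev/null
  # Assumption: add the IP as a subjectAltName so HTTPS clients can match it.
  printf 'subjectAltName=IP:%s\n' "$IP" > "$WORK/ext.cnf"
  openssl x509 -req -in "$CSR" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days 825 -extfile "$WORK/ext.cnf" \
    -out "$WORK/$IP.pem" 2>/dev/null
  openssl x509 -in "$WORK/$IP.pem" -outform DER -out "$WORK/SANCERT.$IP.cer"
}

# Confirm the issued certificate chains to the private CA before importing it.
check_cert() {
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/$IP.pem" >/dev/null
  openssl x509 -inform DER -in "$WORK/SANCERT.$IP.cer" -noout -subject -enddate
}

make_sample_csr
make_ca
sign_csr
check_cert
echo "DER certificate: $WORK/SANCERT.$IP.cer"
```

Clients that connect to the switch over HTTPS will only trust this certificate after ca.pem has been added to their trust store.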
