Fibre Channel (SAN)

Reply
Occasional Visitor
Posts: 1
Registered: ‎11-04-2011

HTTPS Webtool GUI Problem after upgraded to v8.1.*.

My environment:
Switch: Brocade 6505
Management console: Windows 10, IE 11, JAVA 8u151

 

Hello, I see some posts about HTTPS webtool GUI problem after upgraded to v8.1.*. I have same problem after upgraded from v8.0.1b to v8.1.1. HTTP webtool and CLI work no problem.

 

I ran "seccertmgmt show -all" and it shows that the HTTPS Server CA cert is "Exists", But the HTTPS switch (SW) cert is "Empty".

 

When I downgraded from v8.1.1 to v8.0.1, HTTPS webtool works no problem.

 

Therefore I tried to re-install my certs on v8.1.1. My switch cert is issued by Intermediate CA, and the Intermediate CA cert is issued by Root CA, so three certs (switch, Intermediate CA, Root CA) need to be installed.

 

I successfully installed Root CA cert. But I can't install Intermediate CA cert and switch cert with error message "Error: unable to get local issuer certificate".

 

1. To install Root CA cert, I ran below.
seccertmgmt import -ca -server https -protocol scp -ipaddr *.*.*.* -remotedir /*/* -certname root-ca.pem
Success: imported https certificate [root-ca.pem].
Certificate file in configuration has been updated.

 

2. To install Intermediate CA, I ran below.
seccertmgmt import -ca -server https -protocol scp -ipaddr *.*.*.* -remotedir /*/* -certname intermediate-ca.pem
Error: unable to get local issuer certificate

 

3. To install switch cert, I ran below.
seccertmgmt import -cert https -protocol scp -ipaddr *.*.*.* -remotedir /*/* -certname swtch.pem
Error: unable to get local issuer certificate


Does anyone know how to install Intermediate CA cert and switch cert?

 

Thank you,

 

Brocade Moderator
Posts: 328
Registered: ‎08-31-2009

Re: HTTPS Webtool GUI Problem after upgraded to v8.1.*.

Hello,

 

Try the procedure below:

 

  • Managed to find the CA-inter-certificate and merged it with the CA-root certificate, it should be imported with success as a CA server https certificate.
    Then import the switch-certificate for HTTPS.
    The switch-certificate is unchained but both chained and unchained switch-certificates are working.

 

  • Log from the implementation below.

    switch> seccertmgmt show -all

    ssh private key:
    Does not Exist

    ssh public keys available for users:
    None

    Certificate Files:
    --------------------------------------------------------------------------------------------------------------------
    Protocol Client CA Server CA SW CSR PVT Key Passphrase
    --------------------------------------------------------------------------------------------------------------------
    FCAP Empty NA Empty Empty Empty Empty
    RADIUS Empty Empty Empty Empty Empty NA
    LDAP Empty Exist Empty Empty Empty NA
    SYSLOG Empty Empty Empty Empty Empty NA
    HTTPS NA Empty Empty Exist Exist NA

    switch> seccertmgmt import -ca -server https -protocol scp -ipaddr xx.xx.xx.xx -remotedir /cert -certname rootca-chained.pem -login admin
    admin@xx.xx.xx.xx's password:
    Success: imported https certificate [rootca-chained.pem].
    Certificate file in configuration has been updated.

    switch> seccertmgmt import -cert https -protocol scp -ipaddr xx.xx.xx.xx -remotedir /cert -certname xx.xx.xx.xx.pem -login admin
    admin@xx.xx.xx.xx's password:
    Success: imported https certificate [xx.xx.xx.xx.pem].
    Certificate file in configuration has been updated.
    Secure http has been enabled.

    switch> seccertmgmt show -all

    ssh private key:
    Does not Exist

    ssh public keys available for users:
    None

    Certificate Files:
    --------------------------------------------------------------------------------------------------------------------
    Protocol Client CA Server CA SW CSR PVT Key Passphrase
    --------------------------------------------------------------------------------------------------------------------
    FCAP Empty NA Empty Empty Empty Empty
    RADIUS Empty Empty Empty Empty Empty NA
    LDAP Empty Exist Empty Empty Empty NA
    SYSLOG Empty Empty Empty Empty Empty NA
    HTTPS NA Exist Exist Exist Exist NA

 

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
Brocade Moderator
Posts: 328
Registered: ‎08-31-2009

Re: HTTPS Webtool GUI Problem after upgraded to v8.1.*.

[ Edited ]

Previous documentations were not completely accurate around the configuration.

Please find attached the 8.2 admin guide where the description is in page 219.

 

 

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook