02-01-2010 12:00 PM
I'm looking to enable HTTPS on our SAN switches and I know I need a signed certificate from a valid certificate authority. We have a Windows server here that we use for our CA. However, Windows CA doesn't like the *.csr files that the switches generate. Is the *.csr the only format that the SAN switches use?
02-02-2010 07:11 AM
Apologies, I wasn't as clear as I could be in my original message.
1. I know how to generate a Certificate Signing Request (*.csr) using the seccertutil command on the SAN switches I manage.
2. I know how to export a *.csr to a server/workstation using the seccertutil command.
3. I know how to import a valid response from a Certificate Authority into the SAN switches I manage.
My question was meant to be "Can the seccertutil generate Certificate Signing Requests in another format that is compatible with a Windows server that is set up to be a Certificate Authority?"
I'm asking about this because the Windows Certificate Authority we have onsite rejects the *.csr files that the SAN switches generate as being "corrupt".
I have verified that the *.csr is good on a Linux box by using OpenSSL as a CA and generating a *.pem (Privacy Enhanced Mail) file. Our development SAN switches imported the *.pem file without a problem and allowed HTTPS to be activated.
We're not using Linux in our production environment and our network security wants us to use the Windows CA for signing the certificates for our production SAN switches.
02-02-2010 07:31 AM
--->>>We're not using Linux in our production environment....
If you don't use Linux in your Environments is another story, this not make any change that the Brocade Switches Fabric OS is Linux based.
The only supported Certificate ( another is unknown to me ) in Fabric OS is csr.
I'm sorry, i don't know another way to import the Cert. in other format.
01-24-2012 03:13 AM
Try exporting the certificate as a DER Encoded Binary x.509 file (.cer) if using a Windows server as the CA.
It worked for me, after it failed to import the same file exported using a different option.