Occasional Contributor
Posts: 6
Registered: ‎04-28-2017

Enable SSL access for BNA via web browser

I'm trying to enable SSL for BNA access (https://mybnaserver.somehost.com). I have a cert generated by our internal CA...how do I enable it for use by the server?

 

I've loaded it into the keystore, but that's wrong or there's more to it. Can't find anything that clearly calls out these steps in the documentation. May be there and I overlooked it...

Occasional Contributor
Posts: 6
Registered: ‎04-28-2017

Re: Enable SSL access for BNA via web browser

Bump...

 

Do I need to open a support ticket? This would seem to be a fairly straightforward configuration item but I can't figure it out. Some config file I have to modify somewhere?

Brocade Moderator
Posts: 383
Registered: ‎03-29-2011

Re: Enable SSL access for BNA via web browser

Hi Wayne,

 

Sorry for the late reply. So, you have a cert which is enabled by your internal CA for your server. Then there is a two-step process:

 

  1. Add your original CA to the BNA truststore (pfx format)
  2. Import your certificate into BNA keystore (needs to be in pfx format);

Some more details:

 

0. Converting a crt into a pfx format file - can be done via openssl which is included with BNA (see details) if you have the key

 

c:\Program Files\Network Advisor 14.x.y\bin>openssl pkcs12 -export -out BNA.pfx -inkey BNA.key -in BNA.crt

 

where BNA.pfx is the exported file; BNA.crt is the certificate; CA.crt is your CA.crt; and BNA.key is your private key

 

or if you have a BNA.pem file (see details)

 

c:\Program Files\Network Advisor 14.x.y\bin>openssl pkcs12 -export -out BNA.pfx -inkey BNA.pem -in BNA.crt

 

1. If you are using a private CA, you need to import it into the truststore before importing the new certificate. Otherwise, if the CA is in the list, you can skip this step. Or if using a combined self-signed certificate. Notice that the CA certificate also needs to be in pfx format!

 

import-truststore.PNG

 

2. Next you need to import the BNA certificate into the keystore of BNA, via "Server > Options", and under "Software Configuration" select Certificates. Then for the Keystore Certificate dropdown menu select replace:

 

replace-cert.PNG

 

Then you will have a replacement menu - browse for the pfx file and select it, notice the password for the certificate

 

replace-cert-view.PNG

 

Then hit OK, and then you will see the following

 

replace-cert-good.png

 

You might want to check out the certificate by going to the drop-down menu and doing View

 

view-certificate-keystore.png

 

 

Some background information

 

"Certificate management also allows you to manage the Management application server truststore as well as the Management application client truststore. On the Management application server, the truststore is maintained as two separate files: truststore and keystore. A truststore contains certificates from other third-parties with which the Management application server communicates. The truststore file is used when making decisions on what to trust"

 

 

 

 




If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
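A pre-import check for the conversion described in the answer above, as an added example that is not part of the original thread or of BNA: it confirms that the private key belongs to the certificate and that the certificate verifies against the CA before running the same `openssl pkcs12 -export` command. The function names, the `PFX_PASS` environment variable, the POSIX shell (the thread's commands are typed into a Windows prompt) and the generated test CA and certificate are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: validate a key/certificate pair, then build the PFX.
# Everything generated here is constructed test data in a temp directory.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {  # $1=key  $2=cert
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds only if the certificate verifies against the given CA certificate.
chains_to_ca() {  # $1=CA cert  $2=server cert
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Runs both checks, then the conversion; the password is read from $PFX_PASS.
make_pfx() {  # $1=key  $2=cert  $3=CA cert  $4=output pfx
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    chains_to_ca "$3" "$2" || { echo "certificate does not chain to CA" >&2; return 1; }
    openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" -passout env:PFX_PASS
}

# Prints the subject of the certificate stored in a PFX file.
pfx_subject() {  # $1=pfx
    openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed throwaway CA and server certificate (one-day lifetime).
make_test_pki() {  # $1=directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/CA.key" -out "$1/CA.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mybnaserver.somehost.com" \
        -keyout "$1/BNA.key" -out "$1/BNA.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/BNA.csr" -CA "$1/CA.crt" -CAkey "$1/CA.key" \
        -CAcreateserial -days 1 -out "$1/BNA.crt" 2>/dev/null
}

PFX_PASS='constructed-demo-password'; export PFX_PASS
d=$(mktemp -d)
make_test_pki "$d" && make_pfx "$d/BNA.key" "$d/BNA.crt" "$d/CA.crt" "$d/BNA.pfx" &&
    pfx_subject "$d/BNA.pfx"
rm -rf "$d"
```

Reading the password from an environment variable keeps it out of the process list, and the PFX holds the private key, so it should be deleted from the working directory once the import has succeeded.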
