Hello Community, I have been working with some FOS v7.4* and to provide access through SSL, I had to install certificates on those Brocades. Now I am trying to perform the same process with FOS 8.2.0a1, but I am facing an error message: Please import CA certificate before importing switch certificate.
Does anybody know if this CA certificate is mandatory or if I can bypass this requirement?
Also, if this CA certificate is mandatory, where can I find instructions about how to create one?
Changes:
- need to import merged CA certificate before installing the switch certificate
- CRT format provided by IBM Internal Certificate Authority is not accepted anymore
Background information on changes since v8.1.0
The new procedure is documented in the FOS Admin Guide, starting from v8.2.0 (it was not part of the initial v8.1.0 Admin Guides)
https://docs.broadcom.com/docs/53-1005237-05 (See attached file: fos-820a-adminguide.pdf)
Important chapters:
- Creating a complete chain of CA certificates, p. 207
- Installing a switch certificate, p. 216
Brocade Community: HTTPS Webtool GUI Problem after upgraded to v8.1.*.
https://community.brocade.com/t5/Fibre-Channel-SAN-Forums/HTTPS-Webtool-GUI-Problem-after-upgraded-to-v8-1/m-p/94998#M27116
Merge the caintermediate and caroot to ca-merge.pem (add carootcert.pem at the end of caintermediatecert.pem and saved it as ca-merge.pem)
Source: Download IBM Root and Intermediate certificates
Requirements:
- SCP server of IBM Network Advisor
1) convert downloaded cert.crt to PEM format with OpenSSL:
Instructions: https://w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/IBM%20Internal%20Certificate%20Authority/page/How%20to%20convert%20certificates%20using%20OpenSSL
PS C:\openssl-1.0.2q-x64_86-win64> .\openssl.exe x509 -inform der -in .\certname.crt -out certname.pem
2) install the ca-merge.pem on the switch:
tsfcs01:FID128:bsiebert> seccertmgmt import -ca -server https -protocol scp -ipaddr xx.xx.xx.xx -remotedir /certs -certname ca-merge.pem -login admin
email@example.com password:
Success: imported https certificate [ca-merge.pem].
3) install switch PEM certificate on switch:
server:FID128:> seccertmgmt import -cert https -protocol scp -ipaddr xx.xx.xx.xx -remotedir /certs -certname certname.pem -login admin
firstname.lastname@example.org password:
Success: imported https certificate [certname.pem].
Certificate file in configuration has been updated.
Secure http has been enabled.
4) check installed certificates:
server:FID128:> seccertutil show
ssl private key: Exists
List of certificate files:
cacert.pem servercert.pem <-- both certificates have been renamed during import
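The merge and conversion steps above can be checked on the workstation before anything is copied to the SCP server. The following is an added example, not part of the original posts or of Brocade's documentation: it builds ca-merge.pem in the order the post describes and confirms that the converted switch certificate chains to it. The function names and the demo root/intermediate/switch certificates are constructed for illustration; the file names follow the post.

```shell
#!/bin/sh
# Added example: pre-flight check to run before "seccertmgmt import". File names
# follow the post; function names and the demo PKI are constructed for illustration.

# Step 1 of the post: DER-encoded .crt -> PEM.
der_to_pem() { openssl x509 -inform der -in "$1" -out "$2"; }

# Merge as the post describes: intermediate first, root appended at the end.
merge_ca() { cat "$1" "$2" > "$3"; }

# Succeeds only if <cert.pem> chains to a self-signed root inside <ca.pem>.
# Matches the ": OK" output line rather than relying on the exit status alone.
preflight_chain() {  # preflight_chain <ca.pem> <cert.pem>
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Constructed test PKI (root -> intermediate -> switch), written into dir $1.
make_demo_pki() {
    p=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=demo\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$p/o.cnf"
    {
    openssl req -x509 -newkey rsa:2048 -nodes -config "$p/o.cnf" -extensions ca \
        -subj "/CN=Demo Root CA" -days 2 -keyout "$p/root.key" -out "$p/carootcert.pem"
    openssl req -new -newkey rsa:2048 -nodes -config "$p/o.cnf" \
        -subj "/CN=Demo Intermediate CA" -keyout "$p/int.key" -out "$p/int.csr"
    openssl x509 -req -in "$p/int.csr" -CA "$p/carootcert.pem" -CAkey "$p/root.key" \
        -set_serial 2 -extfile "$p/o.cnf" -extensions ca -days 2 \
        -out "$p/caintermediatecert.pem"
    openssl req -new -newkey rsa:2048 -nodes -config "$p/o.cnf" \
        -subj "/CN=switch.example" -keyout "$p/sw.key" -out "$p/sw.csr"
    openssl x509 -req -in "$p/sw.csr" -CA "$p/caintermediatecert.pem" -CAkey "$p/int.key" \
        -set_serial 3 -days 2 -outform der -out "$p/certname.crt"
    } >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    der_to_pem "$d/certname.crt" "$d/certname.pem"
    merge_ca "$d/caintermediatecert.pem" "$d/carootcert.pem" "$d/ca-merge.pem"
    for ca in carootcert.pem caintermediatecert.pem ca-merge.pem; do
        if preflight_chain "$d/$ca" "$d/certname.pem"
        then echo "$ca: chain complete"
        else echo "$ca: chain incomplete"
        fi
    done
    rm -rf "$d"
}
demo
```

With real files, only `der_to_pem`, `merge_ca` and `preflight_chain` are needed; the root alone or the intermediate alone does not complete the chain, only the merged file does.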