For more details, please see ourCookie Policy.

Fibre Channel (SAN)

Posts: 0

FabOS and creating a Self-Signed Certificate


Does anyone tried to create a self-signed certificate based on a switch .CSR file.

I want to self-sign the file without an official CA.

Any ideas?

Kind regards,


Posts: 0

Re: FabOS and creating a Self-Signed Certificate

Brocade Support does not provided detailed information on the entire process.  They leave you to figure out a lot of the details, which is very disappointing.

If you have a Windows 2008 R2 Certificate Authority setup, I have confirmed the following works:

Note: Change the IP address to reflect your SAN switch

* Run the following commands (Note: Change the localization info for the CSR to relect your organization.)

seccertutil genkey -nowarn -keysize 1024
seccertutil gencsr -country "US" -state "Florida" -locality "Fort Myers" -org "ABC Corp" -orgunit "IT" -cn
seccertutil showcsr

***** ***** ***** ***** *****

* From the output of the "seccerutil showcsr", copy the CRL info at the bottom of the output.
* It must start with the BEGIN line listed below and end with the END line listed below.


* Save this to a text file named "".
* Copy this text file to your Windows Server 2008 R2 Certificate Authority Server.

***** ***** ***** ***** *****

* Open a command prompt as Administrator.
* In the command prompt, run the command below.

certreq -submit -attrib CertificateTemplate:WebServer

* During the command execution browse and select your "" text file.
* You will be prompted for the Certificate Server, select your server.
* You will be prompted to save the certificate, save it as ""
* Copy this file to your Local PC in your ftp folder.

***** ***** ***** ***** *****

* Open the certificate in your ftp folder.
* Click the "Details" tab.
* Click the "Copy to File..." button.
* Click the "Next >" button.
* Select "DER encoded binary X.509 (.CER)".
* Click the "Next >" button.
* Save the file as "SANCERT." to your ftp folder.

***** ***** ***** ***** *****

* Run the following command

seccertutil import -config swcert -enable https

* Make sure you choose the "SANCERT." file.

Join the Broadcom Support Community

Get quick and easy access to valuable resources across the Broadcom Community Network.