HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 2009)

ManualsBrandsHP ManualsStorageHP 8/80 Base (48) Full Fabric Ports Enabled SAN Switch

111

112

113

114

115

116

117

118

119

120

112 Configuring standard security features

3. Enter the keytool command and respond to the prompts (in the following example, changeit is the

default password and RootCert is an example root certificate name):

C:\Program Files\Java\j2re1.6.0\bin>

keytool -import -alias RootCert -file

RootCert.crt -keystore ..\lib\security\RootCerts

Enter keystore password:

changeit

Owner: CN=Brocade, OU=Software, O=Brocade Communications, L=San Jose,

ST=California, C=US

Issuer: CN=Brocade, OU=Software, O=Brocade Communications, L=San Jose,

ST=California, C=US

Serial number: 0

Valid from: Thu Jan 15 16:27:03 PST 2007 until: Sat Feb 14 16:27:03 PST

2007

Certificate fingerprints:

MD5: 71:E9:27:44:01:30:48:CC:09:4D:11:80:9D:DE:A5:E3

SHA1:

06:46:C5:A5:C8:6C:93:9C:FE:6A:C0:EC:66:E9:51:C2:DB:E6:4F:A1

Trust this certificate? [no]:

yes

Certificate was added to keystore

Summary of certificate commands

Table 20 identifies the commands for displaying and deleting certificates. For details on the commands,

see the Fabric OS Command Reference.

Telnet protocol

Telnet is enabled by default. To prevent passing clear text passwords over the network when connecting to

the switch, you can block the Telnet protocol using an IP Filter policy.

IMPORTANT: Before blocking Telnet, make sure you have an alternate method of establishing a

connection with the switch.

Blocking Telnet

1. Connect to the switch and log in as admin (connect through some means other than Telnet: for

example, through SSH).

2. Create a policy by typing the following command:

ipfilter --create policyname -type < ipv4 | ipv6 >

where policyname is the name of the new policy and

-type specifies an IPv4 or IPv6 address.

Example: Creating a policy

ipfilter --create block_telnet_v4 --type ipv4

3. Add a rule to the policy, by typing the following command:

ipfilter --addrule <policyname> -rule rule_number -sip source_IP

-dp dest_port -proto protocol -act <deny>

Table 20 Commands for displaying and deleting SSL certificates

Command Description

secCertUtil show Displays the state of the SSL key and a list of installed certificates

secCertUtil show filename Displays the contents of a specific certificate

secCertUtil showcsr Displays the contents of a CSR

secCertUtil delete filename Deletes a specified certificate

secCertUtil delcsr Deletes a CSR