Upstream
/
lab-docu
mirror of https://github.com/Fohdeesha/lab-docu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

clean up https cert info

This commit is contained in:
Jon Sands 2022-08-06 08:19:16 -04:00
parent fecfe62088
commit bdb8b68289
2 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/icx6xxx-adv.md
View File

@ -36,9 +36,9 @@ Once you get an `ssl-certificate creation is successful` message in the consol
??? info
If you want to use your own certificate that is also possible. It's important to remember that the switch [doesn't support PKCS #8](https://community.ruckuswireless.com/t5/Switches/Can-t-import-SSL-certificates-quot-Could-not-parse-the-PEM/m-p/18554/highlight/true#M686) and this isn't actually [documented anywhere](https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-E83AC70A-9F89-4209-B6C4-ED5725D4F487.html). You must create certificates using the PKCS #1 format. If you try to use PKCS #8 (the default for openssl), you'll get certificate parsing errors.
The ICX6610 again doesn't support keys larger than 2048 bits. This example assumes you want to create your own CA and sign with it.
The ICX6xxx series doesn't support keys larger than 2048 bits. This example assumes you want to create your own CA and sign with it.
1. Create new Root CA
Create a new Root CA:
```
pass='{{ pass }}' \
name='{{ name }}' \
@ -55,12 +55,12 @@ Once you get an `ssl-certificate creation is successful` message in the consol
-days 3650
```
2. Generate key in PKCS#1 format. Use the `-traditional`, see [openssl-genrsa](https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html) for more details.
Generate a key in PKCS #1 format using the `-traditional` flag (see [openssl-genrsa](https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html) for more details):
```
openssl genrsa -traditional -out keyfile 2048
```
3. Create certificate sign request
Create the certificate signing request:
```
name='{{ name }}' \
C='{{ country }}' \
@ -76,7 +76,7 @@ Once you get an `ssl-certificate creation is successful` message in the consol
-config <(cat /etc/ssl/openssl.cnf ; printf "[SAN]\nsubjectAltName=DNS:%s" "sw1.home.arpa")
```
4. Sign certificate request
Sign the certificate request:
```
name='{{ name }}' \
openssl x509 \
@ -93,13 +93,14 @@ Once you get an `ssl-certificate creation is successful` message in the consol
-extfile <(cat /etc/ssl/openssl.cnf ; printf "[SAN]\nsubjectAltName=DNS:%s" "sw1.home.arpa")
```
5. Install your own certificate via tftp
Install your custom certificate on the switch via TFTP:
```
ip ssl cert-key-size 2048
ip ssl certificate-data-file tftp 192.168.1.51 certfile
ip ssl private-key-file tftp 192.168.1.51 keyfile
web-management https
```
That's it! the web UI should now use your cert when loaded via HTTPS
You should enable authentication for telnet access:
```

2
overrides/main.html
View File

@ -2,7 +2,6 @@
{% block announce %}
<center>
<font color="white">
<a href="https://github.com/Fohdeesha/lab-docu/commits/master" target="_blank">Docu Version: v4.1 (08-06-2022)</a>
-
<a href="https://github.com/Fohdeesha/lab-docu" target="_blank">Sources, Suggest, Contribute</a>
@ -10,7 +9,6 @@
<a href="mailto:jon@fohdeesha.com?subject=Lab Docu">Contact</a>
-
<a href="https://www.paypal.com/donate?hosted_button_id=4ULUCCKQ2TAEQ" target="_blank">Donate</a>
</font>
</center>
{% endblock %}