Using Fabric Manager Web Client With Ssl - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Chapter 7 Fabric Manager Web Client
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Using Fabric Manager Web Client with SSL

Fabric Manager Web Client uses TCP port 80 by default. If you want to install SSL certificates and use
Fabric Manager Web Client over HTTPS (using TCP port 443 or another custom port), you need a
certificate for each external IP address that accepts secure connections. You can purchase these
certificates from a well-known Certificate Authority (CA).
To enable SSL, users must set up the keystore to use either a self-signed certificate or a certificate from
a trusted third-party company such as Verisign.
To create a local certificate, follow these steps:
Step 1 Set up a keystore to use self-signed certificate (local certificate). From the command line, enter the
following command:
%JAVA_HOME%/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore "C:\Program
Files\Cisco Systems\MDS 9000\keystore"
Enter your name, organization, state, and country. Enter changeit when prompted for a keystore
Step 2
password. If you prefer to use your own password, do not forget to change the keystorepass attribute in
the server.xml file. When prompted for a key password, press Enter or use the same password as the
keystore password.
Note
In order to obtain a certificate from the Certificate Authority of your choice, you must create a Certificate
Signing Request (CSR). The CSR is used by the certificate authority to create a certificate that identifies
your website as secure.
To create a CSR, follow these steps:
Create a local certificate (as described in the previous section).
Step 1
Note
The CSR is then created with this command:
Step 2
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore "C:\Program
Files\Cisco Systems\MDS 9000\keystore"
Now you have a file called certreq.csr. The file is encoded in PEM format. You can submit it to the
certificate authority. You can find instructions for submitting the file on the Certificate Authority
website. You will receive a certificate.
Once you have your certificate, you can import it into your local keystore. You must first import a Chain
Step 3
Certificate or Root Certificate into your keystore. You can then import your certificate.
Download a Chain Certificate from the Certificate Authority where you obtained the certificate:
Step 4
•
OL-17256-03, Cisco MDS NX-OS Release 4.x
You can now follow the steps in the next section for modifying Fabric Manager Web Client to
use SSL.
You must enter the domain of your website in the field first and last name in order to create a
working certificate.
For Verisign.com commercial certificates, go to:
http://www.verisign.com/support/install/intermediate.html
Cisco MDS 9000 Family Fabric Manager Configuration Guide
Installing Fabric Manager Web Client
7-5