HP 1606 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 41
Encryption node initialization and certificate generation
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 41 highlights
Encryption node initialization and certificate generation 2 Encryption node initialization and certificate generation When an encryption node is initialized, the following security parameters and certificates are generated: • FIPS crypto officer • FIPS user • Node CP certificate • A self-signed Key authentication center (KAC) certificate • A Key authentication center (KAC) signing request (CSR) From the standpoint of external SAN management application operations, the FIPS crypto officer, FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for operations with key managers. In most cases, KAC certificate signing requests must be sent to a Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In all cases, signed KACs must be present on each switch. Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a configuration. Encryption nodes may also be initialized from the Encryption Center. 1. From the Encryption Center, select Switch > Init Node. The following warning displays. 2. Select Yes to initialize the node. Fabric OS Encryption Administrator's Guide 23 53-1001864-01