HP 8/8 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 126
Signing the Brocade encryption node KAC certificates, Allow Certificate
View all HP 8/8 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 126 highlights
3 Steps for connecting to an SKM appliance Signing the Brocade encryption node KAC certificates The KAC certificate signing request generated when the encryption node is initialized must be exported for each encryption node and signed by the Brocade local CA on SKM. The signed certificate must then be imported back into the encryption node. 1. Export the KAC sign request to an SCP-capable host. SecurityAdmin:switch>cryptocfg --export -scp -KACcsr 192.168.38.245 mylogin /tmp/certs/kac_skm.csr 2. Open the exported file and copy the contents, beginning with ---BEGIN CERTIFICATE REQUEST--- and ending with ---END CERTIFICATE REQUEST---. Be careful not to include any extra characters. 3. Launch the SKM administration console in a web browser and log in. 4. Select the Security tab. 5. Select Local CAs under Certificates & CAs. The Certificate and CA Configuration page displays. 6. Under Local Certificate Authority List, select the Brocade CA name. 7. Select Sign Request. The Sign Certificate Request page is displayed. 8. Select Sign with Certificate Authority using the Brocade CA name with the maximum of 3649 days option. 9. Select Client as Certificate Purpose. 10. Allow Certificate Duration to default to 3649. 11. Paste the file contents that you copied in step 3 in the Certificate Request Copy area. 12. Select Sign Request. Upon success, you are presented with the option of downloading the signed certificate. 13. Download the signed certificate to your local system as signed_kac_skm_cert.pem. 14. Import the signed certificate from its location, or from a USB storage device. SecurityAdmin:switch>cryptocfg --import -scp signed_kac_skm_cert.pem \ 192.168.38.245 mylogin /tmp/certs/kac_skm_cert.pem Password: Operation succeeded. The following example imports a KAC certificate that was previously exported to USB storage. SecurityAdmin:switch>cryptocfg --import -usb signed_kac_skm_cert.pem \ kac_skm_cert.pem Operation succeeded. 15. Register the KAC certificate. SecurityAdmin:switch>cryptocfg --reg -KACcert signed_kac_skm_cert.pem Operation succeeded 16. Repeat this procedure for every encryption node that is expected to perform encryption within the fabric. 108 Fabric OS Encryption Administrator's Guide 53-1001864-01