HP Cisco MDS 9134 Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 250
Generating KMC Certificate, Generating and Installing Self-Signed Certificates
Generating and Installing Self-Signed Certificates
Appendix C Provisioning Self-Sign Certificates

Generating KMC Certificate

To generate the KMC server certificate, follow these steps:

Step 1  Generate KMC certificate by entering the following commands in the OpenSSL application:

    OpenSSL> genrsa -out sme_kmc_server.key 1024
    OpenSSL> req -new -key sme_kmc_server.key -out sme_kmc_server.csr
    OpenSSL> x509 -req -days 365 -in sme_kmc_server.csr -CA cacert.pem -CAkey privkey.pem -CAcreateserial -out sme_kmc_server.cert
    OpenSSL> pkcs12 -export -in sme_kmc_server.cert -inkey sme_kmc_server.key -out sme_kmc_server.p12

Step 2  Import this PKCS12 keystore to Java Keystores using JAVA keytool (JRE 1.6).

    "C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importkeystore -srckeystore sme_kmc_server.p12 -srcstoretype PKCS12 -destkeystore sme_kmc_server.jks -deststoretype JKS

    Note  Remember the password as it needs to be updated in the properties file.

Step 3  Import the CA certificate to Java Keystores using JAVA keytool (JRE 1.6).

    "C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importcert -file cacert.pem -keystore sme_kmc_trust.jks -storetype JKS

Step 4  Place these keystore files in mds9000/conf/cert directory.

Step 5  Modify the KMC SSL settings in the Key Manager Settings in Fabric Manager Web Client.

Step 6  Restart the Fabric Manager server.

Note  You can also use sme_kmc_server.p12 as KMC server certificate and cacert.pem as KMC trust certificate instead of using Java keystores created in Step 3 and 4.
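A check that can be run on the files this procedure produces, given here as an added example that is not part of the Cisco guide: it reports the certificate's key size, confirms that it verifies against cacert.pem, and checks its expiry. The function names, the 2048-bit minimum and the 30-day window are assumptions of this example; make_sample only builds constructed throwaway test data under the guide's file names.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. MIN_BITS and WARN_DAYS are
# assumptions of this example (an RSA size floor and an expiry warning window).
MIN_BITS=${MIN_BITS:-2048}
WARN_DAYS=${WARN_DAYS:-30}

# cert_key_bits CERT: print the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# audit_kmc_cert CERT CA: print one line per check; return the failure count.
audit_kmc_cert() {
    cert=$1; ca=$2; fail=0
    bits=$(cert_key_bits "$cert")
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "FAIL key size ${bits:-unknown} bits is below $MIN_BITS"; fail=$((fail + 1))
    else
        echo "OK   key size $bits bits"
    fi
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "OK   certificate verifies against $ca"
    else
        echo "FAIL certificate does not verify against $ca"; fail=$((fail + 1))
    fi
    if openssl x509 -in "$cert" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null 2>&1; then
        echo "OK   valid for more than $WARN_DAYS days"
    else
        echo "FAIL expires within $WARN_DAYS days"; fail=$((fail + 1))
    fi
    return "$fail"
}

# make_sample DIR BITS: constructed test data only. Builds a throwaway CA and a
# server certificate under the guide's file names; the subjects are made up.
make_sample() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=Constructed Test CA" -keyout privkey.pem -out cacert.pem &&
      openssl genrsa -out sme_kmc_server.key "$2" &&
      openssl req -new -key sme_kmc_server.key -subj "/CN=kmc.example.test" \
          -out sme_kmc_server.csr &&
      openssl x509 -req -days 365 -in sme_kmc_server.csr -CA cacert.pem \
          -CAkey privkey.pem -CAcreateserial -out sme_kmc_server.cert
    ) >/dev/null 2>&1
}
```

Run `audit_kmc_cert sme_kmc_server.cert cacert.pem` in the directory that holds the generated files. A certificate built on the 1024-bit key from Step 1 fails the size check under the assumed 2048-bit floor.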

Generating and Installing Self-Signed Certificates

To configure SSL when KMC is not integrated with Fabric Manager server, follow these steps:

Step 1  Create the required certificates by using the following commands:

    switch:./createSmeCerts.tcl
    Usage: ./createSmeCerts.tcl [r] [k] [s] [a] [h]
      r  Generate Root CA certificate
      k  Generate KMC server certificate
      s  Generate Switch certificate and configure switch trust point
      a  Generate all certificates and configure switch
      h  Print this usage screen
    Usage: ./createSmeCerts.tcl [r] [k] [s] [a] [h]
      r  Generate Root CA certificate
      k  Generate KMC server certificate
      s  Generate Switch certificate and configure switch trust point

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-4 OL-18091-01, Cisco MDS NX-OS Release 4.x