Home » HP Manuals » Storage Devices » HP StorageWorks 2/16V » Manual Viewer

HP StorageWorks 2/16V Brocade Secure Fabric OS Administrator's Guide (53-10002 - Page 42

Accessing PKI Certificate Help, To access PKI help

View all HP StorageWorks 2/16V manuals

Add to My Manuals
Save this manual to your list of manuals

Page 42 highlights

2 2-20 Accessing PKI Certificate Help The purpose of PKI help is to obtain command line information about PKICert and obtain advice on advanced options for advanced users. To access PKI help 1. Select option 4 (as shown in the following example) and follow the screen prompts: PKI CERTIFICATE INSTALLATION UTILITY pki_v1.0.6 FUNCTIONS 1) Retrieve CSRs from switches & write a CSR file 2) Install Certificates contained in a Certificate file 3) Generate a Licensed-Product/Installed-Certificates report 4) Help using PKI-Cert to get & install certificates q) Quit PKI Certificate installation utility Enter choice> 4 HELP USING PKI-CERT TO GET & INSTALL DIGITAL CERTIFICATIONS NOTE:This utility will only work with switches running a FAB-OS version that supports Fabric Security (e.g. >= v2.6, v3.2, v4.3) 1) Use PKI-Cert to get CSR's (Certificate Signing Requests) which will be written to a data file. The XML format file will contain CSR's for each switch (identified by its WWN). 2) Next, Upload the CSR file to the Brocade Security Upgrade website. A data file will be emailed to you containing a set of digital Certificates, one for each switch, in XML format. 3) Finally, use PKI-Cert to install the Certificates. You will be prompted for the name of the data file containing the certificates. Some options may be given on the command line such as "Log-Level." Read help for Batch/Command-Line mode usage (y/n)? > y HELP WITH COMMAND LINE USEAGE OF PKI CERTIFICATE UTILITY pkicert [-gGil] [_e log-file] [-d data-file] [-a addr-file] [-A switch-addr] [-L log-level] [-u user-login -p password] Task Options: -g Get CSRs & generate a CSR data file -G Get CSRs (even from switches with certificates) -i Install Certificates from a data file -l Licensed Product Report compile & generate If none of the above "task" options is given, Pki-Cert will operate in "Interactive" rather than "Batch" mode. Other OPtions: Log-file: -e (events/errors log) Path/file-name of log file created and written to (or if it already exists, apprended to ) with event/error data Secure Fabric OS Administrator's Guide Publication Number: 53-1000244-01

Section	Page
About This Document	5
Chapter 1 Introducing Secure Fabric OS	5
Chapter 2 Preparing the Fabric for Secure Fabric OS	5
Chapter 3 Enabling Secure Fabric OS and Creating Policies	6
Chapter 4 Managing Secure Fabric OS	7
Appendix A Removing Secure Fabric OS Capability	7
Appendix B Secure Fabric OS Commands and Secure Mode Restrictions	7
Index	7
About This Document	9
How This Document Is Organized	9
Supported Hardware and Software	10
What’s New in This Document	10
Document Conventions	11
Text Formatting	11
Notes, Cautions, and Warnings	11
Key Terms	12
Additional Information	12
Brocade Resources	12
Other Industry Resources	14
Getting Technical Help	15
Document Feedback	16
Introducing Secure Fabric OS	17
Management Channel Security	18
Switch-to-Switch Authentication	19
Using PKI	19
Using DH-CHAP	20
Fabric Configuration Server Switches	20
Fabric Management Policy Set	21
Preparing the Fabric for Secure Fabric OS	23
Prerequisites for a Secure Fabric Environment	23
Verifying Compatible Fabric OS Version	24
Verifying or Activating Secure Fabric OS and Advanced Zoning Licenses	25
Verifying the Digital Certificate	26
Displaying the Digital Certificate Status	26
Creating PKI Objects	27
Removing PKI Objects	28
Obtaining the Digital Certificate File	29
Configuring Switch-to-Switch Authentication	44
Selecting Authentication Protocols	45
Managing Shared Secrets	46
Preparing SilkWorm 24000 for Secure Fabric OS	48
Installing a Supported CLI Client on a Workstation	50
Enabling Secure Fabric OS and Creating Policies	51
Prerequisites to Enabling Secure Mode	51
Default Fabric and Switch Accessibility	52
Enabling Secure Mode	52
Modifying the FCS Policy	58
Changing the Position of a Switch Within the FCS Policy	59
Failing Over the Primary FCS Switch	60
Creating Secure Fabric OS Policies Other Than the FCS Policy	61
Creating a MAC Policy	62
Creating an Options Policy	70
Creating a DCC Policy	71
Creating an SCC Policy	74
Managing Secure Fabric OS Policies	75
Saving Changes to Secure Fabric OS Policies	76
Activating Changes to Secure Fabric OS Policies	77
Adding a Member to an Existing Policy	77
Removing a Member from a Policy	78
Deleting a Policy	78
Aborting All Uncommitted Changes	79
Aborting a Secure Fabric OS Transaction	79
Managing Secure Fabric OS	81
Viewing Secure Fabric OS Information	81
Displaying General Secure Fabric OS Information	82
Viewing the Secure Fabric OS Policy Database	82
Displaying Individual Secure Fabric OS Policies	83
Displaying Status of Secure Mode	84
Displaying and Resetting Secure Fabric OS Statistics	85
Displaying Secure Fabric OS Statistics	86
Resetting Secure Fabric OS Statistics	87
Managing Passwords	88
Modifying Passwords in Secure Mode	90
Using Temporary Passwords	91
Resetting the Version Number and Time Stamp	92
Adding Switches and Merging Fabrics with Secure Mode Enabled	93
Preventing a LUN Connection	97
Troubleshooting	97
Removing Secure Fabric OS Capability	103
Preparing the Fabric for Removal of Secure Fabric OS Policies	103
Disabling Secure Mode	104
Deactivating the Secure Fabric OS License on Each Switch	105
Uninstalling Related Items from the Host	105
Secure Fabric OS Commands and Secure Mode Restrictions	107
Secure Fabric OS Commands	107
Command Restrictions in Secure Mode	112
Zoning Commands	112
Miscellaneous Commands	113
Index	115
A	115
C	115
D	116
E	116
F	116
H	116
I	116
J	116
L	116
M	116
N	116
O	117
P	117
R	117
S	117
T	118
U	118
V	118
W	118

Match case Limit results 1 per page

2-20

Secure Fabric OS Administrator’s Guide

Publication Number: 53-1000244-01

Accessing PKI Certificate Help

The purpose of PKI help is to obtain command line information about PKICert and obtain advice on

advanced options for advanced users.

To access PKI help

Select option

(as shown in the following example) and follow the screen prompts:

PKI CERTIFICATE INSTALLATION UTILITY pki_v1.0.6

FUNCTIONS

Retrieve CSRs from switches & write a CSR file

Install Certificates contained in a Certificate file

Generate a Licensed-Product/Installed-Certificates report

Help using PKI-Cert to get & install certificates

Quit PKI Certificate installation utility

Enter choice>

HELP USING PKI-CERT TO GET & INSTALL DIGITAL CERTIFICATIONS

NOTE:This utility will only work with switches running a FAB-OS version

that supports Fabric Security (e.g. >= v2.6, v3.2, v4.3)

Use PKI-Cert to get CSR’s (Certificate Signing Requests) which will be

written to a data file. The XML format file will contain CSR’s for each

switch (identified by its WWN).

Next, Upload the CSR file to the Brocade Security Upgrade website. A data

file will be emailed to you containing a set of digital Certificates, one

for

each switch, in XML format.

Finally, use PKI-Cert to install the Certificates. You will be prompted for

the name of the data file containing the certificates.

Some options may be given on the command line such as “Log-Level.”

Read help for Batch/Command-Line mode usage (y/n)? >

HELP WITH COMMAND LINE USEAGE OF PKI CERTIFICATE UTILITY

pkicert [-gGil] [_e log-file] [-d data-file] [-a addr-file] [-A switch-addr] [-L

log-level] [-u user-login -p password]

Task Options:

-g Get CSRs & generate a CSR data file

-G Get CSRs (even from switches with certificates)

-i Install Certificates from a data file

-l Licensed Product Report compile & generate

If none of the above “task” options is given, Pki-Cert will operate in

“Interactive” rather than “Batch” mode.

Other OPtions:

Log-file: -e (events/errors log)

Path/file-name of log file created and written to (or if it already exists,

apprended to ) with event/error data