HP StorageWorks MSA 2/8 HP StorageWorks Secure Fabric OS V1.0 User Guide (AA-R - Page 110

Digital Certificates and PKI Objects, Is SSH part of the Secure Fabric OS feature?

Get HP StorageWorks MSA 2/8 - SAN Switch PDF manuals and user guides View all HP StorageWorks MSA 2/8 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 110 highlights

Managing Secure Fabric OS Can I use standard telnet when Secure Mode is enabled? No, standard telnet is not supported when Secure Mode is enabled. However, sectelnet is supported for Fabric OS v2.6.1, v3.1.x, and v4.1.x, and SSH is also supported for v4.1.x. Is SSH part of the Secure Fabric OS feature? No, SSH is automatically included with Fabric OS v4.1.x, regardless of whether the Secure Fabric OS license is activated. Digital Certificates and PKI Objects What is PKI? PKI stands for Pubic Key Infrastructure, and refers to the use of cryptography to provide security (such as authentication and encryption). Can digital certificates be duplicated or installed on other switches? No; digital certificates correspond to the switch WWN and the private/public key pair generated by the switch. Do I have to reinstall the digital certificate if I replace the motherboard? This depends on the version of Fabric OS on the new motherboard. Hardware shipped with Fabric OS v2.6.1, v3.1.x, or v4.1.x automatically includes digital certificates. To determine whether the new motherboard already has a digital certificate, follow the instructions for verifying the PKI objects. Do all switches already have a digital certificate? No, only switches that were shipped with v3.1.x or v4.1.x installed have digital certificates. For switches that are upgraded, follow the procedures provided under "Adding Secure Fabric OS to Switches that Require Upgrading" on page 27. How can I tell whether the digital certificate or PKI objects are available on a switch? For Fabric OS v4.1.x, enter the pkishow command. For other versions, enter configshow "pki". What happens if the PKI objects are deleted? PKI objects cannot be deleted in Secure Mode. If they are deleted when Secure Mode is disabled, Secure Mode cannot be re-enabled until they are regenerated. Any missing PKI objects, except the digital certificate, are automatically regenerated the next time the switch is rebooted. If the digital 110 Secure Fabric OS Version 1.0 User Guide

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
Managing Secure Fabric OS
110
Secure Fabric OS Version 1.0 User Guide
Can I use standard telnet when Secure Mode is enabled?
No, standard telnet is not supported when Secure Mode is enabled. However,
sectelnet is supported for Fabric OS v2.6.1, v3.1.x, and v4.1.x, and SSH is
also supported for v4.1.x.
Is SSH part of the Secure Fabric OS feature?
No, SSH is automatically included with Fabric OS v4.1.x, regardless of
whether the Secure Fabric OS license is activated.
Digital Certificates and PKI Objects
What is PKI?
PKI stands for Pubic Key Infrastructure, and refers to the use of cryptography
to provide security (such as authentication and encryption).
Can digital certificates be duplicated or installed on other switches?
No; digital certificates correspond to the switch WWN and the private/public
key pair generated by the switch.
Do I have to reinstall the digital certificate if I replace the motherboard?
This depends on the version of Fabric OS on the new motherboard. Hardware
shipped with Fabric OS v2.6.1, v3.1.x, or v4.1.x automatically includes digital
certificates. To determine whether the new motherboard already has a digital
certificate, follow the instructions for verifying the PKI objects.
Do all switches already have a digital certificate?
No, only switches that were shipped with v3.1.x or v4.1.x installed have
digital certificates. For switches that are upgraded, follow the procedures
provided under “
Adding Secure Fabric OS to Switches that Require
Upgrading
” on page 27.
How can I tell whether the digital certificate or PKI objects are available on a
switch?
For Fabric OS v4.1.x, enter the
pkishow
command. For other versions,
enter
configshow “
pki”
.
What happens if the PKI objects are deleted?
PKI objects cannot be deleted in Secure Mode. If they are deleted when
Secure Mode is disabled, Secure Mode cannot be re-enabled until they are
regenerated. Any missing PKI objects, except the digital certificate, are
automatically regenerated the next time the switch is rebooted. If the digital