Dell Brocade 6510 Fabric OS Command Reference v7.1.0 - Page 213
reg -keyvault, cryptocfg --show -groupcfg, show -file -all, reg -KACcert, encryption_group_name
View all Dell Brocade 6510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 213 highlights
cryptoCfg 2 encryption_group_name Specifies the name of the encryption group to be deleted. This operand is required when deleting an encryption group. --reg -keyvault Registers the specified key vault (primary or secondary) with the encryption engines of all nodes present in an encryption group. Upon successful registration, a connection to the key vault is automatically established. This command is valid only on the group leader. Registered certificates are distributed from the group leader to all member nodes in the encryption group. Each node in the encryption group distributes the certificates to their respective encryption engines. The following operands are required when registering a key vault: cert_label Specifies the key vault certificate label. This is a user-generated name for the specified key vault. Use the cryptocfg --show -groupcfg command to view the key vault label after registration is complete. certfile Specifies the certificate file. This file must be imported prior to registering the key vault and reside in the predetermined directory where certificates are stored. In the case of the HP SKM, this operand specifies CA file, which is the certificate of the signing authority on the SKM. Use the --show -file -all command for a listing of imported certificates. hostname | ip_address Specifies the key vault by providing either a host name or IP address. If you are registering a key vault that is part of an DPM cluster, the value for ip_address is the virtual IP address for the DPM cluster and not the address of the actual key vault. primary | secondary Specifies the key vault as either primary or secondary. The secondary key vault serves as backup. --dereg -keyvault Removes the registration for a specified key vault. The key vault is identified by specifying the certificate label. Removing a key vault registration disconnects the key vault. This command is valid only on the group leader. cert_label Specifies the key vault certificate label. This operand is required when removing the registration for a key vault. --reg -KACcert Registers the signed node certificate. After being exported and signed by the external signing authority, the signed node certificate must be imported back into the node and registered for a successful two-way certificate exchange with the key vault. This command is valid only on the group leader. Registration functions need to be invoked on all the nodes in a DEK cluster for their respective signed node certificates. The following operands are required: signed_certfile Specifies the name of the signed node certificate to be reimported. primary | secondary Specifies the signing key vault as primary or secondary. This operand is valid only with the TEKA, SKM, or KMIP key vault, which requires the CSR to be signed by the primary or secondary vault. If both primary and secondary vaults are configured, this command must be run once for the primary and once for secondary key vault from every node. Fabric OS Command Reference 185 53-1002746-01