Dell Brocade 6520 Command Reference Supporting Fabric OS v7.1.0 - Page 202
export, dnsConfig, cpcert.pem, dhchallenge, currentMK, KACcert, cryptocfg --reg -KACcert, CPcert
View all Dell Brocade 6520 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 202 highlights
2 cryptoCfg --export Exports a certificate from the local encryption switch or blade to a specified external host or to a mounted USB device. This command is valid on all nodes. The files are exported from the predetermined directory that was generated during the node initialization phase. The following operands are supported with the --export command: -scp Exports a specified certificate to an external host using the secure copy (SCP) protocol. When -scp is specified, the following operands are required: host IP| host_name Specifies the IP address of the host to which the file is to be exported. To specify the host by name, it must first be configured with the dnsConfig command. host_username Specifies the user name for the host. Depending on your host configuration, the command may prompt for a password. host_file_path Specifies the fully qualified path to the file on the host to which the file is to be exported. This includes the file name. Make sure to name your certificates so you can track the file type and the originator switch, for example, name_cpcert.pem. -usb Exports a specified certificate to a mounted USB storage device. When -usb is specified, the following operands are required: dest_filename Specifies the name of the file on the USB device to which the file is to be exported. The file is stored in a predetermined default directory on the storage device. Specify one of the following certificates to be exported. Certificates must be specified by file type. Referring to certificates by file name is not permitted. These file types are valid both with the -scp and with the -usb options. -dhchallenge vault_IP_address Exports the DH Challenge file for the specified key vault. -currentMK Exports the current master key file. -KACcert Exports the KAC certificate. -KACcsr Exports the certificate sign request file. Use the cryptocfg --reg -KACcert command to register the certificate on the node after it has been signed and reimported. This procedure must be performed for allnodes that participate in a two-way certificate exchange-based authentication mechanism with key vaults. Two-way certificate exchange is supported only for the DPM, HP SKM, and TEKA key vaults. -CPcert Exports the member node CP certificate. --import Imports a certificate from a specified external host or from a mounted USB storage device to a predetermined directory on the local encryption switch or blade. This command is valid on all nodes. 174 Fabric OS Command Reference 53-1002746-01