HP 8/40 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01, July 2009) - Page 171
Specifies the certificate file. This file must be imported prior to registering
View all HP 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 171 highlights
cryptoCfg 2 --create -encgroup Creates an encryption group. The node on which this command is invoked becomes the group leader. You must specify a name when creating an encryption group. encryption_group_name Specifies the name of the encryption group to be created. The name can be up to 15 characters long and include alphanumeric characters and underscores. White space, hyphens, and other special characters are not permitted. --delete -encgroup Deletes an encryption group with the specified name. This command is valid only on the group leader. This command fails if the encryption group has more than one node, or if any HA cluster configurations, CryptoTarget container/LUN configurations, or tape pool configurations exist in the encryption group. Remove excess member nodes and clear all HA cluster, CryptoTarget container/LUN, or tape pool configurations before deleting an encryption group. encryption_group_name Specifies the name of the encryption group to be deleted. This operand is required when deleting an encryption group. --reg -keyvault Registers the specified key vault (primary or secondary) with the encryption engines of all nodes present in an encryption group. Upon successful registration, a connection to the key vault is automatically established. This command is valid only on the group leader. Registered certificates are distributed from the group leader to all member nodes in the encryption group. Each node in the encryption group distributes the certificates to their respective encryption engines. The following operands are required when registering a key vault: cert_label Specifies the key vault certificate label. This is a user-generated name for the specified key vault. Use cryptocfg --show -groupcfg to view the key vault label after registration is complete. certfile Specifies the certificate file. This file must be imported prior to registering the key vault and reside in the predetermined directory where certificates are stored. In the case of the HP SKM, this operand specifies the CA file, which is the certificate of the signing authority on the SKM. Use --show -file -all for a listing of imported certificates. hostname | ip_address Specifies the key vault by providing either a host name or IP address. If you are registering a key vault that is part of an RKM cluster, the value for ip_address is the virtual IP address for the RKM cluster and not the address of the actual key vault. primary | secondary Specifies the key vault as either primary or secondary. The secondary key vault serves as backup. --dereg -keyvault Removes the registration for a specified key vault. The key vault registration is identified by specifying the certificate label. Removing a key vault registration disconnects the key vault. This command is valid only on the group leader. Fabric OS Command Reference 141 53-1001337-01