HP A7533A HP StorageWorks Fabric OS 6.1.x administrator guide (5697-0234, Nove - Page 140
Exporting an LDAP switch certificate

This option exports the LDAP CA certificate from the switch to the remote host.

1. Connect to the switch and log in as admin.
2. Enter the secCertUtil export -ldapcacert command.

Example of exporting an LDAP CA certificate

    switch:admin> seccertutil export -ldapcacert
    Select protocol [ftp or scp]: scp
    Enter IP address: 192.168.38.206
    Enter remote directory: /users/aUser/certs
    Enter Login Name: aUser
    Enter LDAP certificate name (must have ".pem" \
    suffix):LDAPTestCa.cer
    Password:
    Success: exported LDAP certificate

Deleting an LDAP switch certificate

This option deletes the LDAP CA certificate from the switch.

1. Connect to the switch and log in as admin.
2. Enter the secCertUtil delete -ldapcacert command.

Where the is the name of the LDAP certificate on the switch

Example of deleting an LDAP CA certificate

    switch:admin> seccertutil delete -ldapcacert LDAPTestCa.pem
    WARNING!!!
    About to delete certificate: LDAPTestCa.cer
    ARE YOU SURE (yes, y, no, n): [no] y
    Deleted LDAP certificate successfully

Preparing the switch for FIPS

The following functionalities are blocked in FIPS mode. Therefore, it is important to prepare the switch by disabling these functionalities prior to enabling FIPS.

• The root account is blocked in FIPS mode. Therefore, all root only functionalities will not be available.
• HTTP, Telnet, RPC, SNMP protocols need to be disabled. Once these are blocked, you cannot use these protocols to read or write data from and to the switch.
• Configdownload and firmwaredownload using an FTP server will be blocked.

See Table 41 on page 136 for a complete list of restrictions between FIPS and non-FIPS mode.

IMPORTANT: Only roles with SecurityAdmin and Admin can enable FIPS mode.