HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 140
Additional Microsoft Active Directory settings, LDAP certificates for FIPS mode, Importing an LDAP
UPC - 829160830858
Page 140 highlights
Additional Microsoft Active Directory settings

a. Set the SCHANNEL settings listed in Table 43 to allow. To support FIPS-compliant TLS cipher suites on Microsoft's Active Directory server, allow the SCHANNEL settings listed in Table 43. See the Microsoft website for instructions that explain how to allow the SCHANNEL settings for the ciphers, hashes, key exchange and the TLS protocol.

Table 43 Active Directory Keys to modify

| Key | Sub-key |
|---|---|
| Ciphers | 3DES |
| Hashes | SHA1 |
| Key exchange algorithm | PKCS |
| Protocols | TLSv1.0 |

b. Enable FIPS algorithm policy on the Microsoft Active Directory. Visit www.microsoft.com for instructions.

LDAP certificates for FIPS mode

To use the LDAP services for FIPS between the switch and the host, you must generate a CSR on the Active Directory server, and import and export the CA certificates. To support server certificate validation, the CA certificate must be installed on the switch and on the Active Directory server. Issue the secCertUtil command to import the CA certificate to the switch. The command prompts for the remote IP address and login credentials it uses to fetch the CA certificate. The CA certificate should be in any of the standard certificate formats: .cer, .crt or .pem. For storing and obtaining CA certificates, follow the instructions earlier in this section.

LDAP CA certificate file names should not contain spaces when secCertUtil is used to import or export the certificate.

Importing an LDAP switch certificate

This option imports the LDAP CA certificate from the remote host to the switch.

1. Connect to the switch and log in as admin.
2. Issue the secCertUtil import -ldapcacert command.
Example of importing an LDAP certificate:

    switch:admin> seccertutil import -ldapcacert
    Select protocol [ftp or scp]: scp
    Enter IP address: 192.168.38.206
    Enter remote directory: /users/aUser/certs
    Enter certificate name (must have ".crt" or ".cer" ".pem" suffix): LDAPTestCa.cer
    Enter Login Name: aUser
    Password:
    Success: imported certificate [LDAPTestCa.cer].

140 Configuring advanced security features
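The file-name and format rules stated above for the CA certificate can be checked on the remote host before running secCertUtil import. The following is an added example, not part of the HP guide or of Fabric OS: the function names and the sample bytes are hypothetical, and it checks only the name, the suffix and the outer PEM/DER structure, not that the file is a valid CA certificate.

```python
import base64
import re

# Suffixes the guide lists for CA certificates, compared exactly as written there.
ALLOWED_SUFFIXES = (".cer", ".crt", ".pem")
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
# Constructed 5-byte DER SEQUENCE standing in for a certificate (not a real one).
SAMPLE_DER = bytes.fromhex("3003020105")


def der_is_single_sequence(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE, the outer shape of an X.509 cert."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        header, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)     # rejects truncation and trailing bytes


def check_ca_cert_file(name: str, data: bytes) -> list:
    """Return the problems found; an empty list means the file passes these checks."""
    problems = []
    if any(ch.isspace() for ch in name):
        problems.append("file name contains spaces")
    if not name.endswith(ALLOWED_SUFFIXES):
        problems.append("suffix is not .cer, .crt or .pem")
    match = PEM_RE.search(data)
    if match:                              # PEM: base64 body between the armor lines
        try:
            der = base64.b64decode(match.group(1))
        except ValueError:
            der = b""
    else:                                  # otherwise treat the bytes as raw DER
        der = data
    if not der_is_single_sequence(der):
        problems.append("content is not a PEM or DER certificate structure")
    return problems


if __name__ == "__main__":
    print(check_ca_cert_file("LDAPTestCa.cer", SAMPLE_DER))     # passes
    print(check_ca_cert_file("LDAP Test Ca.cer", SAMPLE_DER))   # space in name
```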
![](/manual_guide/products/hewlettpackard-ae370a-hp-storageworks-fabric-os-611-administrator-guide-56970235-2009-a28315e/140.png)