HP AE370A HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 20 - Page 161
Preparing the switch for FIPS
UPC - 882780362611
Page 161 highlights
Example of exporting an LDAP CA certificate

    switch:admin> seccertutil export -ldapcacert
    Select protocol [ftp or scp]: scp
    Enter IP address: 192.168.38.206
    Enter remote directory: /users/aUser/certs
    Enter Login Name: aUser
    Enter LDAP certificate name (must have ".pem" \
    suffix):LDAPTestCa.cer
    Password:
    Success: exported LDAP certificate

Deleting an LDAP switch certificate

This option deletes the LDAP CA certificate from the switch.

1. Connect to the switch and log in as admin.
2. Enter the secCertUtil delete -ldapcacert command.
   Where the is the name of the LDAP certificate on the switch

Example of deleting an LDAP CA certificate

    switch:admin> seccertutil delete -ldapcacert LDAPTestCa.pem
    WARNING!!!
    About to delete certificate: LDAPTestCa.cer
    ARE YOU SURE (yes, y, no, n): [no] y
    Deleted LDAP certificate successfully

Preparing the switch for FIPS

The following functions are blocked in FIPS mode. Therefore, it is important to prepare the switch by disabling these functions prior to enabling FIPS:

• The root account and all root-only functions are not available.
• HTTP, Telnet, RPC, SNMP protocols need to be disabled. Once these are blocked, you cannot use these protocols to read or write data from and to the switch.
• The configDownload and firmwareDownload commands using an FTP server are blocked.

See Table 43 on page 156 for a complete list of restrictions between FIPS and non-FIPS modes.

IMPORTANT: Only roles with SecurityAdmin and Admin can enable FIPS mode.

Overview of steps

1. Optional: Configure RADIUS server or LDAP server.
2. Optional: Configure authentication protocols.
3. For LDAP only: Install SSL certificate on Microsoft Active Directory server and CA certificate on the switch for using LDAP authentication.
4. Block Telnet, HTTP, and RPC.
5. Disable BootProm access.
6. Configure the switch for signed firmware.
7. Disable root access.
8. Enable FIPS.
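As an added example (not from the HP guide and not Fabric OS code), the prerequisites and step order above can be expressed as a readiness check run before anyone attempts step 8. The SwitchState field names and the sample values are constructed for illustration and do not correspond to Fabric OS configuration keys or command output.

```python
from dataclasses import dataclass, field

# Constructed model of the settings the guide says matter before FIPS is enabled.
# Field names are hypothetical; they are not Fabric OS keys or command output.
@dataclass
class SwitchState:
    operator_role: str
    auth_backend: str = "local"            # "local", "radius" or "ldap"
    ldap_ca_cert_installed: bool = False
    enabled_protocols: set = field(default_factory=set)
    bootprom_access: bool = True
    signed_firmware: bool = False
    root_enabled: bool = True
    download_transport: str = "ftp"        # used by configDownload/firmwareDownload

BLOCKED_PROTOCOLS = ("telnet", "http", "rpc", "snmp")   # from the guide's bullet list
FIPS_ROLES = {"admin", "securityadmin"}                 # roles allowed to enable FIPS

def fips_blockers(s):
    """Return unmet prerequisites, in the order of the guide's overview of steps."""
    enabled = {p.lower() for p in s.enabled_protocols}
    out = []
    if s.operator_role.lower() not in FIPS_ROLES:
        out.append(f"role '{s.operator_role}' cannot enable FIPS mode")
    if s.auth_backend == "ldap" and not s.ldap_ca_cert_installed:
        out.append("install the LDAP CA certificate on the switch")
    out += [f"block {p.upper()}" for p in BLOCKED_PROTOCOLS if p in enabled]
    if s.download_transport.lower() == "ftp":
        out.append("stop using FTP for configDownload/firmwareDownload")
    if s.bootprom_access:
        out.append("disable BootProm access")
    if not s.signed_firmware:
        out.append("configure the switch for signed firmware")
    if s.root_enabled:
        out.append("disable root access")
    return out

if __name__ == "__main__":
    # Constructed sample: LDAP authentication planned, nothing hardened yet.
    sample = SwitchState("Admin", auth_backend="ldap",
                         enabled_protocols={"Telnet", "HTTP", "SNMP"})
    for item in fips_blockers(sample):
        print("TODO:", item)
```

An empty list means every prerequisite listed on this page is met; it does not cover the additional restrictions in Table 43.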