HP Brocade 8/12c Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864 - Page 50
Signing the Brocade encryption node KAC certificates, Importing a signed KAC certificate into a switch
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 50 highlights
2 Steps for connecting to an SKM appliance Signing the Brocade encryption node KAC certificates The KAC certificate signing request generated when the encryption node is initialized must be exported for each encryption node and signed by the Brocade local CA on SKM. The signed certificate must then be imported back into the encryption node. 1. From the Encryption Center, select Switch > Export Certificate. The Export Switch Certificate dialog box displays. 2. Select Public Key Certificate Request (CSR) and click OK. A dialog box displays that allows you to save the CSR to your client PC. Alternatively, you may select Switch > Properties, and click the Export button beside the Public Key Certificate Request, or copy the CSR for pasting into the Certificate Request Copy area on the SKM Sign Certificate Request page. 3. Launch the SKM administration console in a web browser and log in. 4. Select the Security tab. 5. Select Local CAs under Certificates & CAs. The Certificate and CA Configuration page displays. 6. Under Local Certificate Authority List, select the Brocade CA name. 7. Select Sign Request. The Sign Certificate Request page is displayed. 8. Select Sign with Certificate Authority using the Brocade CA name with the maximum of 3649 days option. 9. Select Client as Certificate Purpose. 10. Allow Certificate Duration to default to 3649. 11. Paste the file contents that you copied in step 3 in the Certificate Request Copy area. 12. Select Sign Request. Upon success, you are presented with the option of downloading the signed certificate. 13. Download the signed certificate to your local system as signed_kac_skm_cert.pem. This file is then ready to be imported to the encryption switch or blade. Importing a signed KAC certificate into a switch After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch. 1. From the Encryption Center, select Switch > Import Certificate. The Import Signed Certificate dialog box displays. 2. Browse to the location where the signed certificate is stored. 3. Click OK. The signed certificate is stored on the switch. 32 Fabric OS Encryption Administrator's Guide 53-1001864-01