Importing the signed KAC certificate – Brocade Fabric OS Encryption Administrator’s Guide Supporting RSA Data Protection Manager (DPM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (DPM)


53-1002922-01

Steps for connecting to a DPM appliance


3. Request the signed certificate.

Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.

4. Download and store the signed certificates.

The following example submits a CSR to the demoCA from RSA.

cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/<Switch CSR Name> -days 365 \
    -CA cacert.pem -CAkey private/cakey.pem -out newcerts/<Switch Cert Name>

NOTE

You can change the number of days before a certificate expires based on your site's security
policies. For more information on changing the certificate expiry date, refer to
“KAC certificate registration expiry” on page 240.

Importing the signed KAC certificate

The signed KAC certificate must be imported into the Brocade Encryption Switch or blade that
generated the CSR and then registered. You can import the signed KAC certificate to the switch
from a file on a LAN-attached host, or you can write it to a USB storage device, attach the USB
storage device to the switch or blade, and import the certificate from that device. The following
describes both options:

1. Log in to the switch on which to import the certificate as Admin or SecurityAdmin.

2. Enter the cryptocfg --import command with the appropriate parameters.

The following example imports a certificate named kac_signed_cert.pem that was previously
exported to the external host 192.168.38.245. Certificates are imported to a predetermined
directory on the node.

SecurityAdmin:switch> cryptocfg --import -scp kac_signed_cert.pem \
    192.168.38.245 mylogin /tmp/certs/kac_signed_cert.pem

Password:

Operation succeeded.

The following example imports a certificate named kac_signed_cert.pem that was previously
exported to USB storage.

SecurityAdmin:switch> cryptocfg --import -usb kac_signed_cert.pem \
    kac_signed_cert.pem

Operation succeeded.

3. Register the KAC certificate.

SecurityAdmin:switch> cryptocfg --reg -KACcert kac_signed_cert.pem primary

4. Repeat steps 1 through 3 for every node in the encryption group.
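
Before importing, the signed certificate can be checked on the host that holds the CSR and the CA certificate. The script below is an added example, not part of the Brocade guide: it confirms that the certificate carries the CSR's public key, verifies against the CA certificate, and is not close to expiry. The function names, file names and the throwaway demo CA are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the Brocade guide. Run on the host that holds the
# CSR and CA certificate, before cryptocfg --import. File names are assumptions.

# verify_kac_cert CSR CERT CACERT [MIN_SECONDS_LEFT]
# Returns 0 only if CERT carries the CSR's public key, verifies against CACERT,
# and remains valid for at least MIN_SECONDS_LEFT more seconds (default 1 day).
verify_kac_cert() {
    csr=$1 cert=$2 ca=$3 min_left=${4:-86400}
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    if [ -z "$csr_key" ] || [ "$csr_key" != "$crt_key" ]; then
        echo "FAIL: certificate public key does not match the CSR" >&2
        return 1
    fi
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate does not verify against $ca" >&2
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null; then
        echo "FAIL: certificate expires within $min_left seconds" >&2
        return 1
    fi
    echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed sample input: a throwaway CA, key and CSR in directory $1, signed
# with the same x509 -req form as the guide's example (-sha256 is used here
# because some current OpenSSL builds refuse to verify SHA-1 signatures).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demoCA" -days 3650 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=switch-kac" \
        -keyout "$d/switch.key" -out "$d/kac.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -CAcreateserial -in "$d/kac.csr" -days 365 \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -out "$d/kac_signed_cert.pem" 2>/dev/null
}

# Demo run on the constructed input only; no real switch material is involved.
demo=$(mktemp -d) && make_demo "$demo" &&
    verify_kac_cert "$demo/kac.csr" "$demo/kac_signed_cert.pem" "$demo/cacert.pem"
rm -rf "$demo"
```

In real use only verify_kac_cert is needed, called with the CSR exported from the switch, the certificate returned by the CA, and the CA certificate.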
