Configure the user name and password – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 172

Advertising
background image

154

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)

3

3. Under Local Certificate Authority List, select the desired local CA name and verify that its CA

Status is shown as Active.

4. Click Sign Request.

The CA Certificate Information dialog box displays.

5. Select the local CA from the Sign with Certificate Authority drop-down list.

6. Select Client as Certificate Purpose.

7. Set Certificate Duration. (Default is 3649 days.)

8. Click Sign Request.

9. Download the signed certificate to your local system. The example uses the file name

“local_ca_SSKM_10.pem”.

10. Import the local CA (local_ca_SSKM_10.pem) and the signed KAC CSR.

helium_mace190:root> cryptocfg --sh -file -all
File name: gl_10.32.39.170.pem,size: 1338 bytes
File name: local_ca_SSKM_10.pem,size: 1590 bytes
File name: my_cert.pem,size: 1338 bytes
File name: helsinki_190_sskm_10.pem,size: 1654 bytes
File name: helium_pluto.pem,size: 1338 bytes
File name: cp_hel_plu.pem,size: 1338 bytes
helium_mace190:root> cryptocfg --import -scp local_ca_SSKM_10.pem 10.37.35.33
root /root/nazir/sskm/local_ca_SSKM_10.pem
Available Space:12288
Make sure your file size is not greater than 12288.
The switch will be unstable or the operation will fail if you exceed this
limit.
Do you want to procceed?
ARE YOU SURE (yes, y, no, n): [no] y
[email protected]'s password:
Operation succeeded.
helium_mace190:root> cryptocfg --import -scp helsinki_190_sskm_10.pem
10.37.35.33 root /root/nazir/sskm/helsinki_190_signed_sskm_10.pem
Available Space:8192
Make sure your file size is not greater than 8192.
The switch will be unstable or the operation will fail if you exceed this
limit.
Do you want to procceed?
ARE YOU SURE (yes, y, no, n): [no] y
[email protected]'s password:
Operation succeeded.

Configure the user name and password

1. Enter the following CLI for both the primary and secondary KeySecure nodes (if a secondary

KeySecure node is being used).

helium_mace190:root> cryptocfg --reg -KAClogin primary/secondary
Enter username for primary keyvault: brcduser
Enter password for primary keyvault:
Confirm password for primary keyvault:
helium_mace190:root>

Advertising
Popular Brands
Popular manuals