Setting encryption node initialization – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02


3. Enter the link IP address and mask, and the gateway IP address.

Eth0 IP /Mask identifies the Ge0 interface IP address and mask.

Eth1 IP /Mask identifies the Ge1 interface IP address and mask.

The Gateway IP address is optional.

4. Click OK.

Encryption node initialization and certificate generation

When an encryption node is initialized, the following security parameters and certificates are
generated:

FIPS crypto officer

FIPS user

Node CP certificate

A signed Key Authentication Center (KAC) certificate

A KAC Certificate Signing Request (CSR)

From the standpoint of external SAN management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KAC certificates must be present on each switch.

Setting encryption node initialization

Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a
configuration. Encryption nodes may also be initialized from the Encryption Center dialog box.

1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from the menu task bar.

2. Select Yes after reading the warning message to initialize the node.
