Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility RFS Controller System Reference Guide

721

53-1003099-01

14

9. Define the following configuration parameters required for the Import of the CRL

10. Select OK to import the CRL. Select Cancel to revert the screen to its last saved configuration.

11. To import a signed certificate to the controller or service platform, select Import Signed Cert

from the Import New Trustpoint screen.

Signed certificates (or root certificates) avoid the use of public or private CAs. A self-signed
certificate is an identity certificate signed by its own creator, thus the certificate creator also
signs off on its legitimacy. The lack of mistakes or corruption in the issuance of self signed
certificates is central.

Self-signed certificates cannot be revoked which may allow an attacker who has already
gained access to monitor and inject data into a connection to spoof an identity if a private key
has been compromised. However, CAs have the ability to revoke a compromised certificate,
preventing its further use.

Trustpoint Name

Enter the 32 character maximum name assigned to the target trustpoint signing the certificate. A
trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration
parameters, and an association with an enrolled identity certificate.

From Network

Select the

From Network radio button to provide network address information to the location of the

target CRL. The number of additional fields that populate the screen is also dependent on the selected
protocol. This is the default setting.

URL

Provide the complete URL to the location of the CRL. If needed, select Advanced to expand the dialog to
display network address information to the location of the CRL. The number of additional fields that
populate the screen is also dependent on the selected protocol.

Protocol

Select the protocol used for importing the CRL. Available options include:
tftp
ftp
sftp
http
cf
usb1-4

Port

Use the spinner control to set the port. This option is not valid for cf and usb1-4.

Host

Provide the hostname or numeric IP address of the server used to export the trustpoint. This option is
not valid for cf and usb1-4.

Path/File

Specify the path to the CRL. Enter the complete relative path to the file on the server.

Cut and Paste

Select the

Cut and Paste radio button to simply copy an existing CRL into the cut and past field. When

pasting a CRL, no additional network address information is required.