Obtaining and importing the lkm/sskm certificate, Obtaining and importing the, Lkm/sskm certificate – Brocade Network Advisor SAN + IP User Manual v12.3.0 User Manual
Page 1074
1002
Brocade Network Advisor SAN + IP User Manual
53-1003155-01
Steps for connecting to an LKM/SSKM appliance
25
7. Save the TAP to a file (location does not matter).
8. Select the Link Keys tab from the Encryption Group Properties dialog box.
9. Select the switch in the link key status table, then click Accept to retrieve the TAP from the
LKM/SSKM appliance.
10. Repeat the above steps for each of the remaining member nodes.
Obtaining and importing the LKM/SSKM certificate
Certificates must be exchanged between the LKM/SSKM appliance and the encryption switch to
enable mutual authentication. You must obtain a certificate from the LKM/SSKM appliance and
import it into the encryption Group Leader. The encryption Group Leader exports the certificate to
other encryption group members.
To obtain and import an LKM/SSKM certificate, complete the following steps:
1. Open an SSH connection to the NetApp LKM/SSKM appliance and log in.
host$ssh [email protected]
[email protected]'s password:
Copyright (c) 2001-2009 NetApp, Inc.
All rights reserved
+--------------------------------+
| NetApp Appliance Management CLI |
| Authorized use only! |
+--------------------------------+
Cannot read termcapdatabase;
using dumb terminal settings.
Checking system tamper status:
No physical intrusion detected.
2. Add the Group Leader to the LKM/SSKM key sharing group. Enter lkmserver add
--
type
third-party
--
key-sharing-group "/" followed by the Group Leader IP address.
lkm-1>lkmserver add --type third-party --key-sharing-group \
"/"
10.32.244.71
NOTICE: LKM Server third-party 10.32.244.71 added.
Cleartext connections not allowed.
3. On the NetApp LKM appliance terminal, enter sys cert getcert-v2 to display the LKM certificate
content.
lkm-1> sys cert getcert-v2
-----BEGIN CERTIFICATE-----
[content removed]
-----END CERTIFICATE-----
4. Copy and paste the LKM/SSKM certificate content from the NetApp LKM/SSKM appliance
terminal into an editor buffer. Save the file as lkmcert.pem on the SCP-capable host. Save the
entire certificate, including the lines
-----BEGIN CERTIFICATE-----
and
-----END
CERTIFICATE-----.
5. If you are using BNAthe Management application, the path to the file must be specified in the
Select Key Vault dialog box when creating a Group Leader. If the proper path is entered, the file
is imported.