Steps for connecting to a KMIP-compliant SafeNet KeySecure – Brocade Network Advisor SAN + IP User Manual v12.3.0


Brocade Network Advisor SAN + IP User Manual


53-1003155-01


FIGURE 396 Import Signed Certificate dialog box

3. Browse to the location where the signed certificate is stored, then click OK.

The signed certificate is stored on the switch.

Steps for connecting to a KMIP-compliant SafeNet KeySecure

With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP)
KeySecure Management Console can be used on the Brocade Encryption Switch. Any
KMIP-compliant server can be reregistered as a KMIP key vault on the Brocade Encryption
Switch after setting the key vault type to KMIP.

Currently, KMIP with SafeNet KeySecure 6.1 in native KMIP mode with the Brocade Encryption
Switch in KMIP mode is supported. All nodes in an encryption group should be running Fabric OS
7.1.0 or later for the key vault type to be set to KMIP.

After installing the SafeNet KeySecure appliance (also referred to as the KeySecure), you must
complete the following steps before the Brocade Encryption Switch can be configured with
the KeySecure. These steps must be performed only once, in preparation for first-time
configuration.

NOTE

If you are configuring two KeySecure nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.

Complete the following steps, in the suggested order, to create a secure connection to the
SafeNet KeySecure.

1. Set FIPS compliance. (Refer to “Setting FIPS compliance” on page 1026.)
2. Create a local CA. (Refer to “Creating a local CA” on page 1027.)
3. Create a server certificate. (Refer to “Creating a server certificate” on page 1028.)
4. Create a cluster. (Refer to “Creating a cluster” on page 1033.)
5. Create a Brocade group on the KeySecure appliance. (Refer to “Configuring a Brocade group on the KeySecure” on page 1034.)
6. Register the user name and password. (Refer to “Registering the KeySecure Brocade group user name and password” on page 1035.)
7. Export and sign the encryption node certificate signing requests. (Refer to “Signing the encryption node KAC CSR on KMIP” on page 1036.)
8. Import the signed certificates into the encryption node. (Refer to “Importing a signed KAC certificate into a switch” on page 1038.)
9. Back up the certificates. (Refer to “Backing up the certificates” on page 1039.)
