Importing the signed kac certificate, Importing the signed, Kac certificate – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Page 767

Advertising
background image

Brocade Network Advisor SAN User Manual

715

53-1003154-01

Steps for connecting to a DPM appliance

20

In the example above, the certificate validity is active until “Dec 4 18:03:14 2010 GMT.” After the
KAC certificate has expired, the registration process must be redone.

NOTE

In the event that the signed KAC certificate must be re-registered, you will need to log in to the key
vault web interface and upload the new signed KAC certificate for the corresponding switch Identity.

You can change the value of the certificate expiration date using the following command:

openssl x509 -req -sha1 -CAcreateserial -in certs/<Switch CSR Name> -days 365 -CA

cacert.pem -CAkey private/cakey.pem -out newcerts/<Switch Cert Name>

In the example above, the certificate is valid for a period of one year (365 days). You can increase
or decrease this value according to your own specific needs. The default is 3649 days, or 10 years.

Importing the signed KAC certificate

After a Key Authentication Center (KAC) CSR has been submitted and signed by a CA, the signed
certificate must be imported into the switch.

1. Select a switch from the Encryption Center Devices table, then select Switch > Import

Certificate from the menu task bar to display the Import Signed Certificate dialog box. (Refer to

Figure 275

.)

FIGURE 275

Import Signed Certificate dialog box

2. Browse to the location where the signed certificate is stored, then click OK.

The signed certificate is stored on the switch.

Uploading the CA certificate onto the DPM appliance (and first-time
configurations)

After an encryption group is created, you need to install the signing authority certificate (CA
certificate) onto the DPM appliance.

1. Open a web browser and connect to the DPM appliance setup page. You will need the URL and

have the proper authority level, user name, and password.

2. Select the Operations tab.

3. Select Certificate Upload.

4. In the SSLCAcertificateFile field, enter the full local path of the CA certificate. Do not use the

UNC naming convention format.

5. Select Upload, Configure SSL, and Restart Webserver.

6. After the web server restarts, enter the root password.

Advertising
Popular Brands
Popular manuals