Setting up the local certificate authority (ca) on, Eskm/skm – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Page 778

Advertising
background image

726

Brocade Network Advisor SAN User Manual

53-1003154-01

Steps for connecting to an ESKM/SKM appliance

20

Different user names and passwords can never be used within the same encryption group, but
each encryption group may have its own user name and password.

If you change the user name and password, the keys created by the previous user become
inaccessible. The Brocade group user name and password must also be changed to the same
values on ESKM/SKM to make the keys accessible.

When storage is moved from one encryption group to another, and the new encryption group
uses a different user name and password, the Brocade group user name and password must
also be changed to the same values on ESKM/SKM to make the keys accessible.

Setting up the local Certificate Authority (CA) on ESKM/SKM

To create and install a local CA, complete the following steps:

1. Log in to the ESKM/SKM management web console using the admin password.

2. Select the Security tab.

3. Under Certificates & CAs, click Local CAs. (Refer to

Figure 279

.)

4. Enter information required by the Create Local Certificate Authority section of the window to

create your local CA.

-

Enter a Certificate Authority Name and Common Name. These may be the same value.

-

Enter your organizational information.

-

Enter the Email Address to receive messages for the Security Officer.

-

Enter the Key Size. HP recommends using 2048 for maximum security.

-

Select Self-signed Root CA.

-

Enter the CA Certification Duration and Maximum User Certificate Duration. These values
determine when the certificate must be renewed and should be set in accordance with
your company's security policies. The default value for both is 3650 days or 10 years.

5. Click Create.

The new local CA displays under Local Certificate Authority List.

NOTE

Fabric OS 7.1.0 will use SHA256 signatures for the TLS certificates used to connect to the ESKM 3.0.

Advertising