Signing the encryption node kac certificates, Signing the, Encryption node kac certificates – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Brocade Network Advisor SAN User Manual

731

53-1003154-01

Steps for connecting to an ESKM/SKM appliance

20

15. Click Browse, then select the Cluster Key File you saved.

16. Enter the cluster password, then click Join.

17. After adding all members to the cluster, delete the cluster key file from the desktop.

18. Create and install an ESKM/SKM server certificate. Refer to

“Creating and installing the

ESKM/SKM server certificate”

on page 727 for a description of this procedure.

Signing the encryption node KAC certificates

The KAC certificate signing request generated when the encryption node is initialized must be
exported for each encryption node and signed by the Brocade local CA on ESKM/SKM. The signed
certificate must then be imported back into the encryption node.

1. Select Configure > Encryption from the menu task bar to display the The Encryption Center

dialog box. (Refer to

Figure 266

on page 694.)

2. Select a switch from the Encryption Center Devices table, then select Switch > Export

Certificate, from the menu task bar.

The Export Switch Certificate dialog box displays.

3. Select Public Key Certificate Request (CSR), then click OK.

You are prompted to save the CSR, which can be saved to your SAN Management Program
client PC, or an external host of your choosing.

Alternatively, you may select a switch, then select Switch > Properties. Click the Export button
beside the Public Key Certificate Request, or copy the CSR for pasting into the Certificate
Request Copy area on the ESKM/SKM Sign Certificate Request page.

4. Launch the ESKM/SKM administration console in a web browser and log in.

5. Select the Security tab.

6. Select Local CAs under Certificates & CAs.

The Certificate and CA Configuration page displays.

7. Under Local Certificate Authority List, select the Brocade CA name.

8. Select Sign Request.

The Sign Certificate Request page displays.

9. Select Sign with Certificate Authority using the Brocade CA name and maximum of 3649 days.

10. Select Client as Certificate Purpose.

11. Allow Certificate Duration to default to 3649.

12. Paste the file contents that you copied in step 3 in the Certificate Request Copy area.

13. Select Sign Request.

14. Download the signed certificate to your local system as signed_kac_eskm_cert.pem or

signed_kac_skm_cert.pem, depending on your key vault type.

This file is ready to be imported to the encryption switch or blade.