Exporting the tklm self-signed server certificate, Exporting the tklm, Self-signed server certificate – Brocade Network Advisor SAN User Manual v12.3.0 User Manual
Page 794
742
Brocade Network Advisor SAN User Manual
53-1003154-01
Steps for connecting to a TKLM appliance
20
Exporting the TKLM self-signed server certificate
The TKLM self-signed server certificate must be exported in preparation for importing and
registering the certificate on a Fabric OS encryption Group Leader node.
1. Enter the TKLM server wsadmin CLI.
For Linux (in ./wsadmin.sh):
<installed directory>/IBM/tivoli/tiptklmV2/bin/wsadmin.sh -username TKLMAdmin
-password <password> -lang jython
For Windows:
<installed directory>\ibm\tivoli\tiptklmV2\bin\wsadmin.bat -username
TKLMAdmin -password <password> -lang jython
2. Check the certificate list using the following command:
print AdminTask.tklmCertList('[]')
The listing will contain the UUID for all certificates. Use the UUID of the server certificate to
export the server certificate from the database to the file system.
print AdminTask.tklmCertExport('[
-uuid <UUID of the certificate>
-fileName <filename> -format DER]')
3. Exit the wsadmin CLI
After export, the TKLM server certificate is at the following location:
For LINUX:
<installed directory>/ibm/tivoli/tiptklmV2/products/tklm/
For Windows:
<installed directory>\ibm\tivoli\tiptklmV2\products\tklm\
4. Transfer the TKLM certificate that was previously exported into the TKLM server file system to
the Management application host using any binary file transfer mechanism via SCP, USB, or
FTP.
Importing the TKLM certificate into the group leader
The TKLM certificate must be imported from the location on the host to the encryption Group
Leader node. The encryption Group Leader exports the certificate to group member switches.
1. Select Configure > Encryption from the menu task bar to display the Encryption Center
dialog box. (Refer to
2. Select a switch from the Encryption Center Devices table, then select Switch > Import
Certificate from the menu task bar.
The Import Signed Certificate dialog box displays. (Refer to
.)