Ldap certificates for fips mode, Importing an ldap switch certificate, Table 89 – Dell POWEREDGE M1000E User Manual


Fabric OS Administrator’s Guide

53-1002745-02

FIPS mode configuration

B

4. Set up LDAP according to the instructions in “LDAP configuration and Microsoft Active Directory” on page 162, and then perform the following additional Microsoft Active Directory settings:

a. To support FIPS-compliant TLS cipher suites on the Microsoft Active Directory server, allow the SCHANNEL settings listed in Table 89.

b. Enable the FIPS algorithm policy on the Microsoft Active Directory.

LDAP certificates for FIPS mode

To utilize the LDAP services for FIPS between the switch and the host, you must generate a
certificate signing request (CSR) on the Active Directory server and import and export the CA
certificates. To support server certificate validation, it is essential to have the CA certificate
installed on the switch and Microsoft Active Directory server. Use the secCertUtil command to
import the CA certificate to the switch. This command will prompt for the remote IP and login
credentials to retrieve the CA certificate. The CA certificate should be in any of the standard
certificate formats, “.cer”, “.crt”, or “.pem”.

LDAP CA certificate file names should not contain spaces when using the secCertUtil command to
import and export the certificate.

Importing an LDAP switch certificate

This procedure imports the LDAP CA certificate from the remote host to the switch.

1. Connect to the switch and log in using an account with admin permissions, or an account with OM permissions for the PKI RBAC class of commands.

2. Enter the secCertUtil import -ldapcacert command.

Example of importing an LDAP certificate

switch:admin> seccertutil import -ldapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.38.206
Enter remote directory: /users/aUser/certs
Enter certificate name (must have ".crt" or ".cer" ".pem" suffix):
LDAPTestCa.cer
Enter Login Name: aUser
Password: <hidden>
Success: imported certificate [LDAPTestCa.cer].
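
A pre-import check for the CA certificate file, as an added Python example (not part of the guide or of Fabric OS): it applies the file-name rules stated above, confirms the file holds a complete PEM or DER object, and returns a SHA-256 fingerprint to compare with the one computed on the CA server. The function names, the exact-case suffix match and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re
from pathlib import Path

ALLOWED_SUFFIXES = {".cer", ".crt", ".pem"}  # suffixes the guide lists
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_is_wellformed(der: bytes) -> bool:
    """True if der is a single ASN.1 SEQUENCE whose length spans the buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def preflight(name: str, data: bytes) -> dict:
    """Check a CA certificate file before it is fetched by secCertUtil."""
    problems = []
    if any(ch.isspace() for ch in name):
        problems.append("file name contains spaces")
    if Path(name).suffix not in ALLOWED_SUFFIXES:  # exact case: an assumption
        problems.append("suffix is not .cer, .crt or .pem")
    match = PEM_RE.search(data)
    try:
        # PEM is base64 of the DER bytes; anything else is treated as raw DER.
        der = base64.b64decode(b"".join(match.group(1).split()),
                               validate=True) if match else data
    except ValueError:
        der = b""
    if not der_is_wellformed(der):
        problems.append("content is not a complete DER or PEM certificate")
    # Fingerprint to compare with the value computed on the CA server.
    return {"problems": problems, "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: a 300-byte SEQUENCE envelope, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)

if __name__ == "__main__":
    print(preflight("LDAPTestCa.cer", SAMPLE_DER))
    print(preflight("LDAP Test Ca.cer", SAMPLE_DER[:-10]))
```

The check covers only the outer ASN.1 envelope, so it catches a truncated or mangled transfer but does not validate the certificate's contents or its CA status.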

TABLE 89   Active Directory keys to modify

Key                       Sub-key
Ciphers                   3DES
Hashes                    SHA1
Key exchange algorithm    PKCS
Protocols                 TLSv1.0
