Setting the key vault type to kmip, Setting key vault parameters, Exporting the kac csr to a local machine – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 170: Keysecure)

Advertising
background image

152

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)

3

h. After the restore of the certificate to the secondary node from the previously backed-up

primary node certificate is done, select Services under Maintenance.

The Services Configuration page displays.

i.

Under Restart/Halt, select Restart, then click Commit.

Configuring the Brocade Encryption Switch key vault setup (SafeNet
KeySecure)

The following steps capture the configuration that is required on the KeySecure appliance and the
Brocade Encryption Switch for setting up the Key Vault.

Setting the key vault type to KMIP

helium_mace190:root> cryptocfg --set -keyvault KMIP
The key vault type will be changed.
ARE YOU SURE (yes, y, no, n): [no] y
Set key vault status: Operation Succeeded.
Please reboot for new key vault configuration to take effect.
helium_mace190:root>

helium_mace190:root> reboot
Warning: This command would cause the switch to reboot
and result in traffic disruption.
Are you sure you want to reboot the switch [y/n]?

Setting key vault Parameters

helium_mace190:root> cryptocfg--set -kvparam ha opaque
KVParams Set Successfully
helium_mace190:root> cryptocfg --set -kvparam cert ca
KVParams Set Successfully
helium_mace190:root> cryptocfg --set -kvparam -set login enableP
KVParams Set Successfully
helium_mace190:root> cryptocfg --show -kvparam
KVParams are:
HA Mode = HA Opaque
Username authentication = Username/password
Certificate signature = CA Signed
Key vault client logging level = None
helium_mace190:root>

Exporting the KAC CSR to a local machine

helium_mace190:root> cryptocfg --export -scp -KACcsr 10.37.35.33 root
/root/kac_csr_hel_190.pem
[email protected]'s password:
Operation succeeded.
helium_mace190:root>

Advertising
Popular Brands
Popular manuals