5. Register the node with the group leader using new IP address.
Setting encryption node initialization
When an encryption node is initialized, the following security parameters and certificates are
generated:
From the standpoint of external SAN Management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
1. Initialize the Brocade Encryption Switch node.
2. Initialize the new encryption engine.
3. Register the encryption engine.
4. Enable the encryption engine.
5. Check the encryption engine state using following command to ensure encryption engine is
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
•
FIPS crypto officer
•
FIPS user
•
Node CP certificate
•
A signed Key Authentication Center
•
A KAC Certificate Signing Request (CSR)
SecurityAdmin:switch> cryptocfg --initnode
Operation succeeded.
SecurityAdmin:switch> cryptocfg --initEE [slotnumber]
Operation succeeded.
SecurityAdmin:switch> cryptocfg --regEE [slotnumber]
Operation succeeded.
SecurityAdmin:switch> cryptocfg --enableEE [slotnumber]
Operation succeeded.
online:
SecurityAdmin:switch> cryptocfg --show -localEE
Setting encryption node initialization
KAC) certificate
(
3
135