Setting Encryption Node Initialization - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual
Brocade fabric os encryption administrator's guide v7.1.0 (53-1002721-01, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- User manual (1505 pages) ,
- Command reference manual (1168 pages) ,
- Reference (934 pages)
Table of Contents
Advertisement
5. Register the node with the group leader using new IP address.
Setting encryption node initialization
When an encryption node is initialized, the following security parameters and certificates are
generated:
From the standpoint of external SAN Management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
1. Initialize the Brocade Encryption Switch node.
2. Initialize the new encryption engine.
3. Register the encryption engine.
4. Enable the encryption engine.
5. Check the encryption engine state using following command to ensure encryption engine is
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
•
FIPS crypto officer
•
FIPS user
•
Node CP certificate
•
A signed Key Authentication Center
•
A KAC Certificate Signing Request (CSR)
SecurityAdmin:switch> cryptocfg --initnode
Operation succeeded.
SecurityAdmin:switch> cryptocfg --initEE [slotnumber]
Operation succeeded.
SecurityAdmin:switch> cryptocfg --regEE [slotnumber]
Operation succeeded.
SecurityAdmin:switch> cryptocfg --enableEE [slotnumber]
Operation succeeded.
online:
SecurityAdmin:switch> cryptocfg --show -localEE
Setting encryption node initialization
KAC) certificate
(
3
135
Advertisement
Table of Contents
Troubleshooting
