Brocade Communications Systems StoreFabric SN6500B Administrator's Manual page 168

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)

Steps for connecting to an SKM or ESKM appliance
CAUTION
After adding the member node to the encryption group, you should not use the cryptocfg
--zeroizeEE command on that node. Doing so removes critical information from the node and
makes it necessary to re-initialize the node and export new KAC certificates to the group leader
and the key vault.
To add a member node to an encryption group, follow these steps:
1. Log in to the switch on which the certificate was generated as Admin or FabricAdmin.
2. Execute the cryptocfg --reclaimWWN -cleanup command.
3. Log in as Admin or SecurityAdmin.
4. Export the certificate from the local switch to an SCP-capable external host or to a mounted
USB device. Enter the cryptocfg --export command with the appropriate parameters. When
exporting a certificate to a location other than your home directory, you must specify a fully
qualified path that includes the target directory and file name. When exporting to USB storage,
certificates are stored by default in a predetermined directory, and you only need to provide a
file name for the certificate. The file name must be given a .pem (privacy enhanced mail)
extension. Use a character string that identifies the certificate's originator, such as the switch
name or IP address.
The following example exports a CP certificate from an encryption group member to an external
SCP-capable host and stores it as enc_switch1_cp_cert.pem.
SecurityAdmin:switch> cryptocfg --export -scp CPcert \
192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem
Password:
Operation succeeded.
The following example exports a CP certificate from the local node to USB storage.
SecurityAdmin:switch> cryptocfg --export -usb CPcert enc_switch1_cp_cert.pem
Operation succeeded.
5. Use the cryptocfg --import command to import the CP certificates to the group leader node.
You must import the CP certificate of each node you wish to add to the encryption group.
The following example imports a CP certificate named "enc_switch1_cp_cert.pem" that was
previously exported to the external host 192.168.38.245. Certificates are imported to a
predetermined directory on the group leader.
SecurityAdmin:switch> cryptocfg --import -scp enc_switch1_cp_cert.pem \
192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem
Password:
Operation succeeded.
The following example imports a CP certificate named "enc_switch1_cp_cert.pem" that was
previously exported to USB storage.
SecurityAdmin:switch> cryptocfg --import -usb enc_switch1_cp_cert.pem \
enc_switch1_cp_cert.pem
Operation succeeded.
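Between the export in step 4 and the import in step 5 the certificate sits on an SCP host or USB device, so it is worth checking the staged files before they reach the group leader. The following Python sketch is an added example, not part of the Brocade manual: it applies the file-naming rules from step 4, compares each file with a fingerprint noted when the export finished, and flags two file names that carry the same certificate. The function names and the practice of recording a SHA-256 fingerprint at export time are assumptions.

```python
import hashlib
import hmac
import ssl
from pathlib import PurePosixPath


def path_problems(path: str) -> list[str]:
    """Check an export target against the file-naming rules in step 4."""
    p = PurePosixPath(path)
    problems = []
    if p.suffix != ".pem":
        problems.append("file name needs a .pem extension")
    if len(p.parts) > 1 and not p.is_absolute():
        problems.append("path outside the home directory must be fully qualified")
    return problems


def fingerprint(pem_text: str) -> str:
    """SHA-256 of the decoded certificate body; raises ValueError if not PEM."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text)).hexdigest()


def preflight(staged: dict[str, str], recorded: dict[str, str]) -> dict[str, list[str]]:
    """Map each staged file to its problems; an empty list means ready to import.
    staged:   path -> PEM text as it sits on the SCP host or USB device
    recorded: path -> fingerprint noted when the export finished (assumed practice)
    """
    report, seen = {}, {}
    for path, pem in staged.items():
        problems = path_problems(path)
        try:
            fp = fingerprint(pem)
        except ValueError:
            report[path] = problems + ["not a PEM certificate"]
            continue
        if not hmac.compare_digest(fp, recorded.get(path, "")):
            problems.append("fingerprint differs from the one recorded at export")
        if fp in seen:  # each node must contribute its own CP certificate
            problems.append(f"same certificate as {seen[fp]}")
        seen.setdefault(fp, path)
        report[path] = problems
    return report


if __name__ == "__main__":
    # Constructed sample: placeholder bytes in a PEM wrapper, not a real certificate.
    pem = ssl.DER_cert_to_PEM_cert(b"constructed placeholder for switch1")
    name = "/tmp/certs/enc_switch1_cp_cert.pem"
    print(preflight({name: pem}, {name: fingerprint(pem)}))
```

A file that reports any problem should be re-exported from the originating switch rather than imported.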
Fabric OS Encryption Administrator's Guide (SKM/ESKM)
53-1002721-01
