Table of Contents
Advertisement
FIGURE 286
3. Browse to the location where the signed certificate is stored, then click OK.
Steps for connecting to a KMIP-compliant SafeNet KeySecure
With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP)
KeySecure Management Console can be used on the switch. Any KMIP-compliant server can be
reregistered as a KMIP key vault on the switch after setting the key vault type to KMIP.
Currently, KMIP with SafeNet KeySecure 6.1 in native KMIP mode with the Brocade Encryption
Switch in KMIP mode is supported. All nodes in an encryption group should be running Fabric OS
7.1.0 and later for the key vault type to be set to KMIP.
After installing the SafeNet KeySecure appliance (also referred to as the KeySecure), you must
complete the following steps before the switch can be configured with the KeySecure. These steps
must be performed only once, in preparation for first-time configuration.
NOTE
If you are configuring two KeySecure nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.
The following suggested order of steps must be completed to create a secure connection to the
SafeNet KeySecure.
1. Set FIPS compliance. (Refer to
2. Create a local CA. (Refer to
3. Create a server certificate. (Refer to
4. Create a cluster. (Refer to
5. Create a Brocade group on the KeySecure appliance. (Refer to
6. Register the user name and password. (Refer to
7.
8. Import the signed certificates into the encryption node. (Refer to
9. Back up the certificates (Refer to
10. Configure the KMIP server. (Refer to
11. Add a secondary node to the cluster. (Refer to
Brocade Network Advisor SAN User Manual
53-1003154-01
Steps for connecting to a KMIP-compliant SafeNet KeySecure
Import Signed Certificate dialog box
The signed certificate is stored on the switch.
on the KeySecure"
on page 752.)
user name and password"
Export and sign the encryption node certificate signing requests. (Refer to
encryption node KAC CSR on KMIP"
certificate into a switch"
on page 756.)
"Setting FIPS compliance"
"Creating a local CA"
on page 745.)
"Creating a server certificate"
"Creating a cluster"
on page 751.)
"Registering the KeySecure Brocade group
on page 753.)
on page 754.)
"Backing up the certificates"
"Configuring the KMIP server"
"Adding a node to the cluster"
on page 744.)
on page 746.)
"Configuring a Brocade group
"Signing the
"Importing a signed KAC
on page 757.)
on page 759.)
on page 760.)
20
743
Advertisement
Chapters
Table of Contents
Troubleshooting
