Preparing The Switch For Fips; Overview Of Steps - Brocade Communications Systems 1606 Administrator's Manual

Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010)

Deleting an LDAP switch certificate
This option deletes the LDAP CA certificate from the switch.
1. Connect to the switch and log in as admin.
2. Enter the secCertUtil show -ldapcacert command to determine the name of the LDAP certificate file.
3. Enter the secCertUtil delete -ldapcacert <file_name> command, where the <file_name> is the name of the LDAP certificate on the switch.

Example of deleting an LDAP CA certificate
switch:admin> seccertutil delete -ldapcacert LDAPTestCa.pem
WARNING!!!
About to delete certificate: LDAPTestCa.cer
ARE YOU SURE (yes, y, no, n): [no] y
Deleted LDAP certificate successfully

Preparing the switch for FIPS

The following functions are blocked in FIPS mode. Therefore, it is important to prepare the switch by disabling these functions prior to enabling FIPS:
- The root account and all root-only functions are not available.
- HTTP, Telnet, RPC, SNMP protocols need to be disabled. Once these are blocked, you cannot use these protocols to read or write data from and to the switch.
- The configDownload and firmwareDownload commands using an FTP server are blocked.
See Table 103 on page 523 for a complete list of restrictions between FIPS and non-FIPS modes.

ATTENTION
Only roles with SecurityAdmin and Admin can enable FIPS mode.

Overview of steps

1. Optional: Configure RADIUS server or LDAP server.
2. Optional: Configure authentication protocols.
3. For LDAP only: Install SSL certificate on Microsoft Active Directory server and CA certificate on the switch for using LDAP authentication.
4. Block Telnet, HTTP, and RPC.
5. Disable BootProm access.
6. Configure the switch for signed firmware.
7. Disable root access.
8. Enable FIPS.
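
A check that can be run from a management workstation after step 4 and before enabling FIPS, to confirm that Telnet, HTTP and RPC no longer accept TCP connections. This is an added example and not part of the Brocade manual. The port numbers (23, 80, 111) and the control port 22, used only to confirm that the switch is reachable, are assumptions; SNMP is not covered because it runs over UDP.

```python
import socket

# Assumed port numbers (not from the manual): standard Telnet and HTTP ports
# and the sunrpc portmapper. Adjust to the services your switch exposes.
FIPS_BLOCKED_TCP = {"telnet": 23, "http": 80, "rpc": 111}


def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered with a reset: nothing is listening
    except OSError:
        return "filtered"   # timed out or unreachable: dropped by a filter, or host down


def audit_blocked_protocols(host, ports=FIPS_BLOCKED_TCP, control_port=22, timeout=2.0):
    """Return (verdict, states); verdict is 'blocked', 'exposed' or 'inconclusive'.

    control_port is an assumed management port that should stay reachable.
    Without it, a wrong address or a powered-off switch would look the same
    as a correctly filtered one.
    """
    if probe_tcp(host, control_port, timeout) != "open":
        return "inconclusive", {}
    states = {name: probe_tcp(host, port, timeout) for name, port in ports.items()}
    verdict = "exposed" if "open" in states.values() else "blocked"
    return verdict, states


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, states = audit_blocked_protocols(host)
    for name, state in states.items():
        print(f"{name:<7} tcp/{FIPS_BLOCKED_TCP[name]:<4} {state}")
    print("result:", verdict)
    sys.exit(0 if verdict == "blocked" else 1)
```

A verdict of "inconclusive" means the control port did not answer, so the result says nothing about whether the protocols are blocked.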