Authenticating The Ca - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

Configuring CAs and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Figure 43-6
Step 4 Select tftp as the Protocol field.
Click the Browse button to locate the appropriate file to copy to bootflash.
Step 5
Click Apply to apply these changes.
Step 6

Authenticating the CA

The configuration process of trusting a CA is complete only when the CA is authenticated to the MDS
switch. The switch must authenticate the CA. It does this by obtaining the self-signed certificate of the
CA in PEM format, which contains the public key of the CA. Because the certificate of the CA is
self-signed (the CA signs its own certificate) the public key of the CA should be manually authenticated
by contacting the CA administrator to compare the fingerprint of the CA certificate.
Note If the CA being authenticated is not a self-signed CA (that is, it is a subordinate CA to another CA, which
itself may be a subordinate to yet another CA, and so on, finally ending in a self-signed CA), then the
full list of the CA certificates of all the CAs in the certification chain needs to be input during the CA
authentication step. This is called the CA certificate chain of the CA being authenticated. The maximum
number of certificates in a CA certificate chain is 10.
To authenticate a CA using Fabric Manager, follow these steps:
Expand Switches > Security then select PKI in the Physical Attributes pane.
Step 1
Step 2 Click the Trust Point Actions tab in the Information pane.
You see the information shown in
Figure 43-7
Cisco MDS 9000 Family CLI Configuration Guide
43-10
Copy Files Dialog Box
Figure 43-7.
Trust Point Actions Tab
Chapter 43 Configuring Certificate Authorities and Digital Certificates
OL-16184-01, Cisco MDS SAN-OS Release 3.x