Importing A Signed Kac Certificate Into A Switch; Eskm/Skm Key Vault High Availability Deployment - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

Brocade Fabric OS Encryption Administrator's Guide v7.1.0 (53-1002721-01, March 2013)

Steps for connecting to an ESKM/SKM appliance

12. Paste the file contents that you copied in step 3 in the Certificate Request Copy area.
13. Select Sign Request.
14. Download the signed certificate to your local system as signed_kac_eskm_cert.pem or signed_kac_skm_cert.pem, depending on your key vault type.
    This file is ready to be imported to the encryption switch or blade.

Importing a signed KAC certificate into a switch

After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported into the switch.

NOTE
This operation can be performed only after the switch is added to the encryption group.

1. Select Configure > Encryption from the menu task bar to display the Encryption Center dialog box (refer to Figure 1 on page 14).
2. Select a switch from the Encryption Center Devices table, then select Switch > Import Certificate from the menu task bar.
   The Import Signed Certificate dialog box displays (Figure 12).

FIGURE 12 Import Signed Certificate dialog box

3. Browse to the location where the signed certificate is stored, then click OK.
   The signed certificate is stored on the switch.

ESKM/SKM key vault high availability deployment

The ESKM/SKM key vault has high availability clustering capability. ESKM/SKM appliances can be clustered together in a manner that is transparent to the end user. Encryption keys saved to one key vault are synchronously hardened to the cluster pairs. Refer to the HP ESKM/SKM Appliance user documentation for configuration requirements and procedures.

The configured primary and secondary HP ESKM/SKM appliances must be registered with the encryption switch or blade to begin key operations. You can register only a single ESKM/SKM if desired. In that case, the HA features are lost, but the archived keys are backed up to any other non-registered cluster members. Beginning with Fabric OS 6.3.0, the primary and secondary appliances must be clustered.

Both ESKM/SKM appliances in the cluster can be registered using the following command.

    cryptocfg --reg -keyvault <cert label> <certfile> <hostname/ip address> <primary | secondary>
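Before the import described under "Importing a signed KAC certificate into a switch", it is worth confirming on the management workstation that the file downloaded from the CA really is the certificate issued for this switch's CSR. The script below is an added example, not part of the Brocade manual. It assumes OpenSSL is installed, and the function name, the CSR and CA file arguments and the 7-day minimum lifetime are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-import checks for a signed KAC certificate.
# Assumed inputs (not named in the manual): the KAC CSR exported from the
# switch, the signed certificate returned by the CA, and the CA certificate,
# all as PEM files.

# check_kac_cert CSR CERT CA [MIN_SECONDS_LEFT]
# Prints "ok" and returns 0 when every check passes; otherwise prints the
# reason and returns 2 (unreadable input), 3 (key mismatch), 4 (not issued
# by the given CA) or 5 (expires too soon).
check_kac_cert() {
    min_left=${4:-604800}   # assumed default: at least 7 days of validity

    # Extract the public key from each file; a parse failure means the file
    # is not the PEM object we expect (wrong file, truncated download).
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable CSR: $1"; return 2; }
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate: $2"; return 2; }

    # The certificate must carry the same public key the switch put in its
    # CSR, otherwise it belongs to a different switch or request.
    if [ "$csr_key" != "$crt_key" ]; then
        echo "certificate public key does not match the CSR"
        return 3
    fi

    # The certificate must chain to the CA that the key vault trusts.
    if ! openssl verify -CAfile "$3" "$2" >/dev/null 2>&1; then
        echo "certificate does not verify against the CA"
        return 4
    fi

    # Reject a certificate that is about to expire.
    if ! openssl x509 -in "$2" -noout -checkend "$min_left" >/dev/null 2>&1; then
        echo "certificate expires within $min_left seconds"
        return 5
    fi

    echo "ok"
}

# Run directly as: sh check_kac.sh kac.csr signed_kac_eskm_cert.pem ca.pem
if [ "$#" -ge 3 ]; then
    check_kac_cert "$@"
fi
```

A non-zero return before import points to a wrong or stale file, which is cheaper to catch here than after the switch fails to authenticate to the key vault.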


This manual is also suitable for:

Fabric OS 7.1.0