Submitting The Csr To A Certificate Authority; Kac Certificate Registration Expiry - Brocade Communications Systems StoreFabric SN6500B User Manual

4. Do one of the following:
5. Save the file. The default location for the exported file is in the Documents folder.
NOTE
The CSR is exported in Privacy Enhanced Mail (.pem) format. This is the format required in
exchanges with Certificate Authorities (CAs).

Submitting the CSR to a certificate authority

The CSR must be submitted to a Certificate Authority (CA) to be signed. The CA is a trusted
third-party entity that signs the CSR. Several CAs are available and procedures vary, but the general
steps are as follows:
1. Open an SSL/TLS connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA:
NOTE
You can change the number of days that a certificate will expire based on your site's security policies.
For more information on changing the certificate expiry date, refer to
expiry"

KAC certificate registration expiry

It is important to keep track as to when your signed KAC certificates will expire. Failure to work with
valid certificates causes certain commands to not work as expected. If you are using the certificate
expiry feature and the certificate expires, the key vault server will not respond as expected. For
example, the group leader in an encryption group might show that the key vault is connected;
however, a member node reports that the key vault is not responding.
To verify the certificate expiration date, use the following command:
openssl x509 –in newcerts/<Switch Cert Name> -dates –noout
Output:
Brocade Network Advisor SAN User Manual
53-1002696-01
•
If a CSR is present, click Export.
•
If a CSR is not present, select a switch from the Encryption Center Devices table, then
select Switch > Init Node from the menu task bar. This generates switch security
parameters and certificates, including the KAC CSR.
Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/<Switch CSR Name> -days 365
-CA cacert.pem -CAkey private/cakey.pem -out newcerts/<Switch Cert Name>
on page 545.
Not Before: Dec
Not After : Dec
Steps for connecting to a DPM appliance
4 18:03:14 2009 GMT
4 18:03:14 2010 GMT
20
"KAC certificate registration
545