Brocade Communications Systems Brocade 8/12c Administrator's Manual page 153

Supporting HP Secure Key Manager (SKM) environments and HP Enterprise Secure Key Manager (ESKM) environments

CAUTION
After adding the member node to the encryption group, you should not use the cryptocfg
--zeroizeEE command on that node. Doing so removes critical information such as CP certificates
from the node and makes it necessary to reinitialize the node and export the new CP certificates
and KAC certificates to the group leader and the key vault.
To add a member node to an encryption group, follow these steps:
1. Log in to the switch on which the certificate was generated as Admin or SecurityAdmin.
2. Execute the cryptocfg --reclaimWWN -cleanup command.
3. Export the certificate from the local switch to an SCP-capable external host or to a mounted
   USB device. Enter the cryptocfg --export command with the appropriate parameters. When
   exporting a certificate to a location other than your home directory, you must specify a fully
   qualified path that includes the target directory and file name. When exporting to USB storage,
   certificates are stored by default in a predetermined directory, and you only need to provide a
   file name for the certificate. The file name must be given a .pem (privacy enhanced mail)
   extension. Use a character string that identifies the certificate's originator, such as the switch
   name or IP address.

   The following example exports a CP certificate from an encryption group member to an external
   SCP-capable host and stores it as enc_switch1_cp_cert.pem.

   SecurityAdmin:switch>cryptocfg --export -scp CPcert \
   192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem
   Password:
   Operation succeeded.

   The following example exports a CP certificate from the local node to USB storage.

   SecurityAdmin:switch>cryptocfg --export -usb CPcert enc_switch1_cp_cert.pem
   Operation succeeded.

4. Log in to the group leader as Admin or SecurityAdmin.
5. Use the cryptocfg --import command to import the CP certificates to the group leader node.
   You must import the CP certificate of each node you wish to add to the encryption group.

   The following example imports a CP certificate named "enc_switch1_cp_cert.pem" that was
   previously exported to the external host 192.168.38.245. Certificates are imported to a
   predetermined directory on the group leader.

   SecurityAdmin:switch>cryptocfg --import -scp enc_switch1_cp_cert.pem \
   192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem
   Password:
   Operation succeeded.

   The following example imports a CP certificate named "enc_switch1_cp_cert.pem" that was
   previously exported to USB storage.

   SecurityAdmin:switch>cryptocfg --import -usb enc_switch1_cp_cert.pem \
   enc_switch1_cp_cert.pem
   Operation succeeded.

Steps for connecting to an SKM or ESKM appliance
Fabric OS Encryption Administrator's Guide
53-1002159-03
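In the SCP variant of this procedure the CP certificate sits on an intermediate host (/tmp/certs in the examples) between export and import. The following is an added example, not part of the Brocade manual: a Python check for that staging host that records the file's SHA-256 fingerprint right after export and re-verifies the file before it is imported on the group leader. The function names, the make_pem helper and the sample PEM body are constructed for illustration.

```python
import base64, hashlib, os, re, stat, tempfile

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def make_pem(der):
    """Wrap bytes in PEM armor (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes, not a real CP certificate.
SAMPLE_PEM = make_pem(b"constructed placeholder, not a real CP certificate")

def cert_fingerprint(path):
    """SHA-256 hex digest of the DER bytes in a staged file; ValueError if malformed."""
    if not path.endswith(".pem"):  # the manual requires a .pem extension
        raise ValueError("certificate file name must end in .pem")
    with open(path, "r", encoding="ascii") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate block, found {len(blocks)}")
    # validate=True rejects stray characters instead of silently skipping them
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def check_staged_cert(path, recorded_fingerprint):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("file is writable by group or others")
    try:
        if cert_fingerprint(path) != recorded_fingerprint.lower():
            problems.append("fingerprint differs from the value recorded at export")
    except ValueError as exc:  # also covers bad base64 and non-ASCII content
        problems.append(str(exc))
    return problems

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "enc_switch1_cp_cert.pem")
        with open(path, "w") as fh:
            fh.write(SAMPLE_PEM)
        os.chmod(path, 0o600)
        recorded = cert_fingerprint(path)        # taken right after export
        before = check_staged_cert(path, recorded)
        with open(path, "w") as fh:              # simulate a file changed while staged
            fh.write(make_pem(b"altered bytes"))
        return before, check_staged_cert(path, recorded)

if __name__ == "__main__":
    print(demo())
```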
