EXAMPLES
To initialize a node and generate certificates (output shows what is generated and where it is stored):
To initialize an encryption engine:
To register an encryption engine with the CP or chassis:
To enable an encryption engine:
To disable an encryption engine:
To export a KAC certificate from the group leader to an external host:
To export a KAC certificate from the group leader to an attached USB device:
To import a member CP certificate to the group leader:
Fabric OS Command Reference
53-1001764-01
diag
Runs diagnostic tests including retrieval, archival and synchronization of the tests
in the key vault cluster.
SecurityAdmin:switch> cryptocfg --initnode
This will overwrite all identification and authentication data
ARE YOU SURE
(yes, y, no, n): [no] y
Notify SPM of Node Cfg
Operation succeeded.
SecurityAdmin:switch> cryptocfg --initEE
This will overwrite previously generated identification
and authentication data
ARE YOU SURE (yes, y, no, n): y
Operation succeeded.
SecurityAdmin:switch> cryptocfg -regEE
Operation succeeded.
SecurityAdmin:switch> cryptocfg --enableEE
Operation succeeded.
SecurityAdmin:switch> cryptocfg --disableEE
Operation succeeded.
SecurityAdmin:switch> cryptocfg --export -scp -KACcert
192.168.38.245 mylogin kac_lkm_cert.pem
Password: ******
Operation succeeded.
SecurityAdmin:switch> cryptocfg --export -usb
-KACcert kac_lkm_cert.pem
Password:******
Operation succeeded.
SecurityAdmin:switch> cryptocfg --import
-scp enc1_cpcert.pem 192.168.38.245 mylogin
/temp/certs/enc_switch1_cpcert.pem
Password:
cryptoCfg
\
\
\
\
22
161