Signing The Brocade Encryption Node Kac Certificates; Importing A Signed Kac Certificate Into A Switch - Brocade Communications Systems Brocade 8/12c User Manual

Signing the Brocade encryption node KAC certificates

1. The KAC certificate signing request generated when the encryption node is initialized must be
2. Select Configure > Encryption from the menu task bar.
3. Select a switch from the Encryption Center Devices table, then select Switch > Export
4. Select Public Key Certificate Request (CSR), then click OK.
5. Launch the SKM administration console in a web browser and log in.
6. Select the Security tab.
7.
8. Under Local Certificate Authority List, select the Brocade CA name.
9. Select Sign Request.
10. Select Sign with Certificate Authority using the Brocade CA name and maximum of 3649 days.
11. Select Client as Certificate Purpose.
12. Allow Certificate Duration to default to 3649.
13. Paste the file contents that you copied in step 3 in the Certificate Request Copy area.
14. Select Sign Request.
15. Download the signed certificate to your local system as signed_kac_skm_cert.pem.

Importing a signed KAC certificate into a switch

After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported
into the switch.
NOTE
This operation can be performed only after the switch is added to the encryption group.
1. Select Configure > Encryption from the menu task bar.
Brocade Network Advisor SAN User Manual
53-1002167-01
exported for each encryption node and signed by the Brocade local CA on SKM. The signed
certificate must then be imported back into the encryption node.
The Encryption Center dialog box displays.
Certificate, from the menu task bar, or right-click a switch and select Export Certificate.
The Export Switch Certificate dialog box displays.
You are prompted to save the CSR, which can be saved to your SAN Management Program
client PC, or an external host of your choosing.
Alternatively, you may select a switch, then select Switch > Properties. Click the Export button
beside the Public Key Certificate Request, or copy the CSR for pasting into the Certificate
Request Copy area on the SKM Sign Certificate Request page.
Select Local CAs under Certificates & CAs.
The Certificate and CA Configuration page displays.
The Sign Certificate Request page displays.
This file is ready to be imported to the encryption switch or blade.
The Encryption Center dialog box displays.
Steps for connecting to an SKM appliance
18
461