14
Encryption node initialization and certificate generation
Encryption node initialization and certificate generation
When an encryption node is initialized, the following security parameters and certificates are
generated:
From the standpoint of external SAN management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a
configuration.
Encryption nodes may also be initialized from the Encryption Center.
1. From the Encryption Center, select Switch > Init Node.
2. Select Yes to initialize the node.
350
•
FIPS crypto officer
•
FIPS user
•
Node CP certificate
•
A self-signed Key authentication center
•
A Key authentication center
The following warning displays.
KAC) certificate
(
KAC) signing request (CSR)
(
DCFM Professional User Manual
53-1001773-01