Exporting The Kac Certificate Signing Request (Csr); Submitting The Csr To A Certificate Authority; Importing The Signed Kac Certificate - Brocade Communications Systems Brocade BladeSystem 4/24 User Manual
Supporting dcfm 10.4.x
Hide thumbs
Also See for Brocade BladeSystem 4/24:
- User manual (830 pages) ,
- Command reference manual (894 pages) ,
- Documentation update (271 pages)
Table of Contents
Advertisement
Exporting the KAC certificate signing request (CSR)
You need to export the KAC CSR to a temporary location prior to submitting the KAC CSR to a
Certificate Authority (CA) for signing.
1. Synchronize the time on the switch and the key manager appliance. They should be within one
2. From the Encryption Center, right-click on the switch and select Properties.
3. If a CSR is present, click Export. If a CSR is not present, right-click on the switch and select
4.
5. Select Yes to store the file. The default location for the exported file is My Documents.
NOTE
The CSR is exported in Privacy Enhanced Mail (.pem) format. The is the format required in exchanges
with certificate authorities.
Submitting the CSR to a certificate authority
The CSR must be submitted to a certificate authority (CA) to be signed. The certificate authority is a
trusted third party entity that signs the CSR. There are several CAs available, and procedures vary,
but the general steps are as follows.
1. Open an SSL connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA.
Importing the signed KAC certificate
After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported
into the switch.
1. From the Encryption Center, select Switch > Import Certificate.
2. Browse to the location where the signed certificate is stored.
3. Click OK.
DCFM Enterprise User Manual
53-1001775-01
minute of each other. Differences in time can invalidate certificates and cause key vault
operations to fail.
Initnode. This generates switch security parameters and certificates, including the KAC CSR.
A dialog box displays.
Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/KACcsr kac_RKM_cert.pem
-days 365 -CA ca
The Import Signed Certificate dialog box displays.
The signed certificate is stored on the switch.
Exporting the KAC certificate signing request (CSR)
20
505
Advertisement
Chapters
Table of Contents
Troubleshooting
