Steps For Connecting To An RKM Appliance; Exporting The KAC Certificate Signing Request (CSR); Submitting The CSR To A Certificate Authority - Brocade Communications Systems Brocade BladeSystem 4/24 User Manual

Supporting dcfm 10.4.x

Steps for connecting to an RKM appliance

All switches you plan to include in an encryption group must have a secure connection to the RSA
Key Manager (RKM). The following is a suggested order for the steps needed to create a secure
connection to RKM:
3. Export the KAC CSR to a location accessible to a Certificate Authority (CA) for signing.
4. Submit the KAC CSR for signing by a Certificate Authority (CA).
5. Import the signed certificate into the Brocade encryption node.
6. Upload the signed KAC and CA certificates onto the RKM appliance, and select the appropriate
   key classes.
7. If dual RKM appliances are used for high availability, the RKM appliances must be clustered,
   and must operate in maximum availability mode, as described in the RKM appliance user
   documentation.
These steps are described in more detail in the following sections.

Exporting the KAC certificate signing request (CSR)

You need to export the KAC CSR to a temporary location prior to submitting the KAC CSR to a
Certificate Authority (CA) for signing.
1. Synchronize the time on the switch and the key manager appliance. They should be within one
   minute of each other. Differences in time can invalidate certificates and cause key vault
   operations to fail.
2. From the Encryption Center, right-click on the switch and select Properties.
3. If a CSR is present, click Export. If a CSR is not present, right-click on the switch and select
   Initnode. This generates switch security parameters and certificates, including the KAC CSR.
4. A dialog box displays.
5. Select Yes to store the file. The default location for the exported file is My Documents.
NOTE
The CSR is exported in Privacy Enhanced Mail (.pem) format. This is the format required in exchanges
with certificate authorities.

Submitting the CSR to a certificate authority

The CSR must be submitted to a certificate authority (CA) to be signed. The certificate authority is a
trusted third-party entity that signs the CSR. There are several CAs available, and procedures vary,
but the general steps are as follows.
1. Open an SSL connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
   Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
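
The checks below cover both ends of the CSR hand-off described above, as an added example that is not part of the Brocade manual: confirm the exported .pem file is a well-formed CSR before it goes to the CA, then confirm the returned certificate was issued for that CSR and validates against the returned CA certificate. It assumes the OpenSSL command-line tool on the workstation that holds the exported file; all file names, subject names and the demo CA are constructed stand-ins.

```shell
#!/bin/sh
# Added example: sanity checks around the CSR hand-off described above.
# File names and the demo CA are constructed; nothing here talks to a switch or RKM.

# check_csr FILE: PEM-armored PKCS#10 request whose self-signature verifies.
check_csr() {
    grep -q 'CERTIFICATE REQUEST-----' "$1" || { echo "not a PEM CSR: $1" >&2; return 1; }
    # Match on the text, because older OpenSSL exits 0 even when verification fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature invalid: $1" >&2; return 1; }
}

# check_signed_cert CSR CERT CA: the returned certificate carries the CSR's
# public key and validates against the returned CA certificate right now.
check_signed_cert() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ] ||
        { echo "certificate was not issued for this CSR" >&2; return 1; }
    # Fails on a wrong issuer and also on notBefore/notAfter versus the local clock,
    # which is how time differences show up as an "invalid" certificate.
    openssl verify -CAfile "$3" "$2" 2>&1 | grep -q ': OK$' ||
        { echo "certificate does not validate against CA" >&2; return 1; }
}

# make_demo_files DIR: constructed stand-ins for the exported CSR and the CA's reply.
make_demo_files() {
    d=$1
    openssl req -newkey rsa:2048 -nodes -keyout "$d/kac.key" -out "$d/kac_csr.pem" \
        -subj "/CN=constructed-kac-node" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$d/other.key" -out "$d/other_csr.pem" \
        -subj "/CN=constructed-other-node" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
        -subj "/CN=Constructed Demo CA" -days 2 2>/dev/null &&
    openssl x509 -req -in "$d/kac_csr.pem" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/kac_signed.pem" -days 1 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
check_csr "$demo_dir/kac_csr.pem" && echo "CSR ok"
check_signed_cert "$demo_dir/kac_csr.pem" "$demo_dir/kac_signed.pem" "$demo_dir/ca.pem" &&
    echo "signed certificate matches CSR and chains to CA"
```

Running `check_signed_cert` before importing the certificate into the encryption node catches a reply that was issued for a different node's CSR.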
DCFM Professional Plus User Manual
53-1001774-01
