Importing The Signed Kac Certificate; Uploading The Kac And Ca Certificates Onto The Rkm Appliance - Brocade Communications Systems Brocade BladeSystem 4/24 User Manual
Supporting dcfm 10.4.x
Hide thumbs
Also See for Brocade BladeSystem 4/24:
- User manual (870 pages) ,
- Command reference manual (894 pages) ,
- Documentation update (271 pages)
Table of Contents
Advertisement
4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA.
Importing the signed KAC certificate
After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported
into the switch.
1. From the Encryption Center, select Switch > Import Certificate.
2. Browse to the location where the signed certificate is stored.
3. Click OK.
Uploading the KAC and CA certificates onto the RKM appliance
After an encryption group is created, you need to install the switch public key certificate (KAC
certificate) and signing authority certificate (CA certificate) on the RKM appliance.
1. Start a web browser, and connect to the RKM appliance setup page. You will need the URL, and
2. Select the Operations tab.
3. Select Certificate Upload.
4. In the SSLCAcertificateFile field, enter the full local path of the CA certificate. Do not use the
5. Select Upload, Configure SSL, and Restart Webserver.
6. After the web server restarts, enter the root password.
7.
8. Select the Key Classes tab. For each of the following key classes, perform steps a. through h. to
DCFM Professional Plus User Manual
53-1001774-01
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/KACcsr kac_RKM_cert.pem
-days 365 -CA ca
The Import Signed Certificate dialog box displays.
The signed certificate is stored on the switch.
have the proper authority level, a user name, and a password.
UNC naming convention format.
Open another web browser window, and start the RSA management user interface.
You will need the URL, and have the proper authority level, a user name, and a password.
NOTE
The Identity Group name used in the next step may not exist in a freshly installed RKM. To
establish an Identity Group name, click the Identity Group tab, and create a name. The name
Hardware Retail Group is used as an example in the following steps.
create the class. The key classes must be created only once, regardless of the number of
nodes in your encryption group and regardless of the number of encryption groups that will be
sharing this RKM.
kcn.1998-01.com.brocade:DEK_AES_256_XTS
kcn.1998-01.com.brocade:DEK_AES_256_CCM
kcn.1998-01.com.brocade:DEK_AES_256_GCM
18
465
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
