Administrator's Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User guide

Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
NOTE
If you are configuring two KeyServer nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.
The following is a suggested order of steps that must be completed to create a secure connection
to the SafeNet KeySecure.
1. Set FIPS compliance. Refer to “Setting FIPS compliance” on page 31.
2. Create a local CA. Refer to “Creating a local CA” on page 32.
3. Create a server certificate. Refer to “Creating a server certificate” on page 33.
4. Create a cluster. Refer to “Creating a cluster” on page 38.
5. Create a Brocade group on the KeySecure appliance. Refer to “Configuring a Brocade group on
the KeySecure appliance” on page 40.
6. Register the user name and password. Refer to “Registering the KeySecure Brocade group
user name and password” on page 41.
7. Export and sign the encryption node certificate signing requests. Refer to “Signing the
encryption node KAC CSR on KMIP” on page 42.
8. Import the signed certificates into the encryption node. Refer to “Importing a signed KAC
certificate into a switch” on page 43.
9. Back up the certificates. Refer to “Backing up the certificates” on page 44.
10. Configure the KMIP server. Refer to “Configuring the KMIP server” on page 46.
11. Add a secondary node to the cluster. Refer to “Adding a node to the cluster” on page 47.