Brocade Fabric OS Command Reference Manual v6.2.0 (53-1001186-01, April 2009)

cryptoCfg
    certfile
        Specifies the certificate file. This file must be imported prior to
        registering the key vault and reside in the predetermined directory
        where certificates are stored. In the case of the HP SKM, this operand
        specifies the CA file, which is the certificate of the signing
        authority on the SKM. Use --show -file -all for a listing of imported
        certificates.
    hostname | ip_address
        Specifies the key vault by providing either a host name or IP address.
    primary | secondary
        Specifies the key vault as either primary or secondary. The secondary
        key vault serves as backup.
--dereg -keyvault
    Removes the registration for a specified key vault. The key vault
    registration is identified by specifying the certificate label. Removing a
    key vault registration disconnects the key vault. This command is valid
    only on the group leader.
    cert_label
        Specifies the key vault certificate label. This operand is required
        when removing the registration for a key vault.
--reg -KACcert
    Registers the signed node certificate. After being exported and signed by
    the external signing authority, the signed node certificate must be
    imported back into the node and registered for a successful two-way
    certificate exchange with the key vault. This command is valid only on the
    group leader. Registration functions need to be invoked on all the nodes
    in a DEK cluster for their respective signed node certificates. The
    following operand is required:
    signed_certfile
        Specifies the name of the signed node certificate to be re-imported.
--set -keyvault
    Sets the key vault type. This command is valid only on the group leader.
    value
        Specifies the key vault type. The default is set to no value. This
        operand is required. Valid values for -keyvault are:
        LKM
            Specifies the NetApp LKM appliance (trusted key vault).
        RKM
            Specifies the RSA Key Manager (RKM) (opaque key repository).
        SKM
            Specifies the HP Secure Key Manager (SKM) (opaque key repository).
--set -failbackmode
    Sets the failback mode parameter. This parameter is set on the group
    leader. Valid values for failback mode are:
    auto
        Enables automatic failback. In this mode, failback occurs
        automatically within an HA cluster when an encryption switch or blade
        that failed earlier has been restored or replaced. Automatic failback
        mode is enabled by default.
    manual
        Enables manual failback. In this mode, failback must be initiated
        manually after an encryption switch or blade that failed earlier has
        been restored or replaced.