Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Encryption switch initialization
Exporting a certificate
1. Log in to the switch on which the certificate was generated as Admin or SecurityAdmin.
2. Export the certificate from the local switch to an SCP-capable external host or to a mounted
USB device. The target server must be SCP-enabled. Enter the cryptocfg --export command
with the appropriate parameters.
The following example exports a CP certificate from an encryption group member to an
external SCP-capable host.
SecurityAdmin:switch>cryptocfg --export -scp CPcert \
192.168.38.245 mylogin /temp/certs/enc_switch1_cp_cert.pem
Password:
Operation succeeded.
The following example exports a KAC certificate from the local node to USB storage.
SecurityAdmin:switch>cryptocfg --export -usb KACcert enc_switch1_kac_cert.pem
Operation succeeded.
NOTE
When exporting a certificate to an external host, you must specify a fully qualified path that
includes the target directory and file name. When exporting to USB storage, certificates are
stored by default in a predetermined directory, and you only need to provide a file name for the
certificate. An easy way to track exported certificates is by using the base certificate name with
the appropriate file extension (*.pem or *.p12) and prefixing the name with a character string
that identifies the certificate’s originator, for example, the switch IP address or host name.
Importing a certificate
1. Log in to the switch to which you wish to import the certificate as Admin or SecurityAdmin.
2. Enter the cryptocfg --import command with the appropriate parameters.
The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was
previously exported to the external host 192.168.38.245. Certificates are imported to a
predetermined directory on the node.
SecurityAdmin:switch>cryptocfg --import -scp enc_switch1_cp_cert.pem \
192.168.38.245 mylogin /temp/certs/enc_switch1_cp_cert.pem
Password:
Operation succeeded.
The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was
previously exported to USB storage.
SecurityAdmin:switch>cryptocfg --import -usb enc_switch1_cp_cert.pem \
enc_switch1_cp_cert.pem
Operation succeeded.
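The following host-side check is an added example, not part of the Brocade guide or Fabric OS. It applies the naming convention from the NOTE above and confirms that a staged PEM file still matches a SHA-256 fingerprint recorded at export time before the file is imported. The name pattern, the function names, and the sample data are assumptions made for illustration, and the file is assumed to hold one standard PEM CERTIFICATE block.

```python
import base64
import hashlib
import re

# Assumed naming pattern, built from the NOTE's example "enc_switch1_cp_cert.pem":
# <originator>_<cp|kac>_cert.<pem|p12>. Only that example name comes from the guide.
NAME_RE = re.compile(r"^(?P<origin>[A-Za-z0-9.\-_]+?)_(?P<kind>cp|kac)_cert\.(?P<ext>pem|p12)$")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(?P<b64>[A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")


def parse_name(filename):
    """Split an exported file name into originator, certificate kind and extension."""
    m = NAME_RE.match(filename)
    if m is None:
        raise ValueError(f"{filename!r} does not follow <originator>_<cp|kac>_cert.<ext>")
    return m.group("origin"), m.group("kind"), m.group("ext")


def pem_fingerprint(pem_text):
    """SHA-256 over the decoded bytes of the single certificate block in a PEM file."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def check_before_import(filename, pem_text, recorded_fingerprint):
    """Return (originator, kind) only if name and content match the export record."""
    origin, kind, ext = parse_name(filename)
    if ext != "pem":
        raise ValueError("only PEM files are checked here")
    actual = pem_fingerprint(pem_text)
    if actual != recorded_fingerprint.lower():
        raise ValueError(f"{filename}: fingerprint {actual} does not match the export record")
    return origin, kind


# Constructed sample: placeholder bytes standing in for a certificate's DER body.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    recorded = hashlib.sha256(SAMPLE_DER).hexdigest()  # noted right after the export
    print(check_before_import("enc_switch1_cp_cert.pem", SAMPLE_PEM, recorded))
```

Record the fingerprint on the SCP host or USB device immediately after the export, and run the check again on the same file just before the import.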