Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
Encryption Administrator’s Guide 109
53-1001201-04
Key vault configuration
3
f. On the group leader, import the previously saved LKM certificate from the SCP-capable
host.
SecurityAdmin:switch>cryptocfg --import -scp lkmcert.pem 192.168.38.245 \
mylogin /tem/certs/lkmcert.pem
Password:
Operation succeeded.
g. From the external host, register the KAC LKM certificate you exported from the group
leader in step a. with the NetApp LKM appliance.
host$echo lkmserver certificate set 10.32.244.71 \
‘cat kac_lkm_cert.pem‘ | ssh -l admin 10.33.54.231
Pseudo-terminal will not be allocated because stdinis not a terminal.
admin@10.33.54.231's password:
Checking system tamper status:
No physical intrusion detected.
NOTICE: LKM Peer '10.32.244.71' certificate is set
h. On the group leader, register the NetApp LKM appliance as the primary key vault LKM1.
SecurityAdmin:switch>cryptocfg --reg -keyvault LKM1 lkmcert.pem \
10.33.54.231 primary
lkm-1
Register key vault status: Operation Succeeded.
i. Display the registered key vault on the group leader. The LKM key vault is shown as
"connected."
SecurityAdmin:switch>cryptocfg --show -groupcfg
Encryption Group Name: brocade
Failback mode: Manual
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: LKM
Primary Key Vault:
IP address: 10.33.54.231
Certificate ID: lkm-1
Certificate label: LKM1
State: Connected
Type: LKM
Secondary Key Vault not configured
NODE LIST
Total Number of defined nodes: 2
Group Leader Node Name: 10:00:00:05:1e:41:7e
Encryption Group state: CLUSTER_STATE_CONVERGED
Node Name IP address Role
10:00:00:05:1e:41:9a:7e 10.32.244.71 GroupLeader(current node)
10:00:00:05:1e:39:14:00 10.32.244.60 MemberNode