Manualshelf

Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch
131132133134135136137138139140
Encryption Administrator’s Guide 115
53-1001201-04
Key vault configuration
3
13. In the SSLCAcertificateFile field, enter the full local path of the CA certificate. Do not use the
UNC naming convention format.
If the appliance is being shared, be sure to append the CA cert to the existing uploaded cert.
You may inadvertently overwrite existing certificates if this is not done.
14. Select Upload, Configure SSL, and Restart Webserver.
15. After the web server restarts, enter the root password.
16. Open another web browser window, and start the RKM management user interface.
You will need the URL, and have the proper authority level, a user name, and a password.
NOTE
The Identity Group name used in the next step may not exist in a freshly installed RKM server.
To establish an Identity Group name, click the Identity Group tab, and create a name. The
name Hardware Retail Group is shown in the next steps.
17. Select the Key Classes tab. For each of the following key classes, perform steps a. through h.
to create the class. The key classes must be created only once, regardless of the number of
nodes in your encryption group and regardless of the number of encryption groups that will be
sharing this RKM.
kcn.1998-01.com.brocade:DEK_AES_256_XTS
kcn.1998-01.com.brocade:DEK_AES_256_CCM
kcn.1998-01.com.brocade:DEK_AES_256_GCM
kcn.1998-01.com.brocade:DEK_AES_256_ECB
a. Click Create.
b. Type the key name string into the Name field.
c. Select Hardware Retail Group for Identity Group.
d. Deselect Activated Keys Have Duration.
e. Select AES for Algorithm.
f. Select 256 for Key Size.
g. Select the Mode for the respective key classes as follows:
XTS for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_XTS"
CBC for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_CCM"
CBC for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_GCM"
ECB for Key Class "kcn.1998-01.com.brocade:DEK_AES_256_ECB"
h. Click Next.
i. Repeat a. through h. for each key class.
j. Click Finish.
18. For each node, create an identity as follows.
a. Select the Identities tab.
b. Click Create.
c. Enter a label for the node in the Name field. This is a user-defined identifier.