Brocade Fabric OS Encryption Administrator's Guide Supporting Fabric OS v6.2.0 (53-1001201-04, May 2009)
38 Encryption Administrator’s Guide
53-1001201-04
Configure Encryption for RKM key vaults
2
FIGURE 24 Configuration Status dialog box
DCFM sends API commands to verify the switch configuration. The CLI commands are detailed in
Chapter 3, “Encryption configuration using the CLI”.
• Initialize the switch
If the switch is already in the initiated state, DCFM performs the
cryptocfg --initnode
command.
• Create encryption group on the switch
DCFM creates a new group using the
cryptocfg --create -encgroup command, and sets
the key vault type using the
cryptocfg --set -keyvault command.
• Register key vault(s)
DCFM registers the key vault using the cryptocfg --reg keyvault command.
• Enable the encryption engines
DCFM initializes an encryption switch using the
cryptocfg --initEE [<slotnumber>] and
cryptocfg --regEE [<slotnumber>] commands.
• Create a new master key
DCFM checks for a new master key. New master keys are generated from the Encryption Group
Properties dialog box, Security tab. See “Creating a new master key” on page 84 for more
information.
• Save the switch’s public key certificate to a file
DCFM saves the KAC certificate into the specified file.
• Back up the master key to a file
DCFM saves the master key into the specified file.
16. Click Next.