Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
214 Encryption Administrator’s Guide
53-1001341-02
The RSA Key Manager
D
If you are using the CLI, you can import the signed KAC certificate to the switch from a file on a LAN
attached host, or you can write it to a USB storage device, attach the USB storage device to the
switch or blade, and import the certificate from that device. The following describes both options.
1. Log into the switch to which you wish to import the certificate as Admin or SecurityAdmin.
2. Enter the cryptocfg
--import command with the appropriate parameters.
The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was
previously exported to the external host 192.168.38.245. Certificates are imported to a
predetermined directory on the node.
SecurityAdmin:switch>cryptocfg --import -scp enc_switch1_cp_cert.pem \
192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem
Password:
Operation succeeded.
The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was
previously exported to USB storage.
SecurityAdmin:switch>cryptocfg --import -usb enc_switch1_cp_cert.pem \
enc_switch1_cp_cert.pem
Operation succeeded.
3. Register the KAC certificate.
SecurityAdmin:switch>cryptocfg --reg -KACcert <certificate file>