Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

The HP Secure Key Manager
D
Exporting the KAC certificate request
A KAC certificate request must be exported for each encryption node to an SCP-capable host.
1. Log into the group leader as Admin or SecurityAdmin.
2. Set the SKM key vault type by entering the cryptocfg --set -keyvault command with the SKM option. Successful execution sets the key vault type for the entire encryption group.
SecurityAdmin:switch>cryptocfg --set -keyvault SKM
Set key vault status: Operation Succeeded.
3. On each node in the encryption group, export the KAC certificate to an SCP-capable host.
SecurityAdmin:switch>cryptocfg --export -scp -KACcsr 192.168.38.245 mylogin /tmp/certs/kac_skm.csr
NOTE
Record this location so you can easily find the KAC certificate for signing in the “Signing the KAC
certificate” procedure.
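A check to run on the SCP host before signing, added here as an example and not taken from the Brocade guide: it confirms that each exported file parses as a certificate request with a valid self-signature and that no two files carry the same public key, which would indicate one node's export was copied or reused. It assumes the exported files are PEM PKCS#10 requests, that each node was exported to its own file name ending in .csr under one directory, and that the openssl CLI is installed; the function name check_kac_csrs is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check KAC CSRs collected on the SCP host before signing.
# Assumptions (not from the guide): PEM PKCS#10 files, one per node, named
# <dir>/*.csr; openssl CLI available. check_kac_csrs is a hypothetical name.

# check_kac_csrs DIR
# Prints one line per CSR. Returns 0 only if every file parses, its
# self-signature verifies, and no two files contain the same public key.
check_kac_csrs() {
    dir=$1
    seen=$(mktemp) || return 2
    rc=0
    for csr in "$dir"/*.csr; do
        [ -f "$csr" ] || { echo "no .csr files in $dir"; rc=1; break; }
        # -verify checks the request's self-signature; the wording of the
        # success message differs between OpenSSL releases, so match the
        # common "verify OK" part on both output streams.
        if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
            echo "FAIL  $csr: not a parseable, correctly self-signed request"
            rc=1
            continue
        fi
        # SHA-256 over the PEM-encoded public key, used to spot duplicates.
        fp=$(openssl req -in "$csr" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}')
        subj=$(openssl req -in "$csr" -noout -subject)
        # String match on the fingerprint column of the files seen so far.
        dup=$(awk -v fp="$fp" 'index($0, fp " ") == 1 { print substr($0, length(fp) + 2); exit }' "$seen")
        if [ -n "$dup" ]; then
            echo "FAIL  $csr: same public key as $dup"
            rc=1
        else
            echo "OK    $csr  $subj  sha256(pubkey)=$fp"
        fi
        echo "$fp $csr" >> "$seen"
    done
    rm -f "$seen"
    return $rc
}

# Run against a directory when one is given on the command line,
# for example: sh check_kac_csrs.sh /tmp/certs
if [ "$#" -gt 0 ]; then
    check_kac_csrs "$1"
fi
```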
Configuring a Brocade group
A Brocade group is configured on SKM for all keys created by Brocade encryption switches and
blades. This needs to be done only once for each key vault.
1. Launch the SKM administration console in a web browser and log in.
2. Select the Security tab.
3. Select Local Users & Groups under Users and Groups.
The User & Group Configuration page is displayed.
4. Select Add under Local Users.
5. Add a new user name under Username, and a password under Password.
6. Select the User Administration Permission and Change Password Permission check boxes.
7. Select Save to save this user data.
8. Select Add under Local Groups.
9. Add a new group called Brocade under Group.
10. Select Save.
11. Select the new brocade group name, and then select Properties.
Local Group Properties and a User List are displayed.
12. In the User List section, select or type the Brocade user name under Username.
13. Select Save.
The Brocade user name and password are now configured on SKM.
NOTE
Fabric OS version 6.2.0 uses brcduser1 as a standard user name when creating a Brocade group
on SKM. If you downgrade from version 6.3.0 or later to version 6.2.0, the user name is overwritten
to brcduser1, and the Brocade group user name must be changed to brcduser1.