Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

The HP Secure Key Manager
D
Registering the Brocade user name and password in encryption groups
The Brocade group user name and password you created in “Configuring a Brocade group” must
also be registered on the encryption group leader, and each node in an encryption group.
1. Starting with the encryption group leader, register the user password and user name by issuing
the following command.
SecurityAdmin:switch>cryptocfg --reg -KAClogin primary
NOTE
This command must be used only for the primary key vault.
2. When prompted, enter the user name specified in step 5 of “Configuring a Brocade group”.
3. When prompted, enter and confirm the password specified in step 5 of “Configuring a Brocade
group”.
4. Repeat the procedure for each node in the encryption group.
Keep the following rules in mind when registering the Brocade user name and password:
- The user name and password must match the user name and password specified for the
Brocade group.
- The same user name and password must be configured on all nodes in an encryption
group. This is not enforced or validated by the encryption group members, so care must be
taken when configuring the user name and password to ensure they are the same on each
node.
- Different user names and passwords can never be used within the same encryption group,
but each encryption group may have its own user name and password.
- If you change the user name and password using the -KAClogin option, the keys created by
the previous user become inaccessible. The Brocade group user name and password
must also be changed to the same values on SKM to make the keys accessible.
- When storage is moved from one encryption group to another, and the new encryption
group uses a different user name and password, the Brocade group user name and
password must also be changed to the same values on SKM to make the keys accessible.
Setting up the local certificate authority
The local certificate authority is set up by adding Brocade to the Local Certificate Authority List.
After establishing the local certificate authority for Brocade, Brocade is then added and accepted
as a trusted user of SKM.
1. Select the Security tab on the SKM key manager.
2. Select Local CAs under Certificates and CAs.
The Certificate and CA Configuration page is displayed. This page includes the Local Certificate
Authority List, and a Create Local Certificate Authority dialog box.