Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)

ManualsBrandsHP ManualsStorageHP Encryption SAN Switch

241

242

243

244

245

246

247

248

249

250

Encryption Administrator’s Guide 227

53-1001341-02

The HP Secure Key Manager

4. Select Known CAs under Certificates & CAs.

The Certificate and CA Configuration page is displayed.

5. Type the certificate name in the Certificate Name field under Install CA certificate.

6. Paste the certificate data you copied previously in the “Copying the local CA certificate”

procedure. If you kept the browser window open as suggested in “Copying the local CA

certificate”, the same data is available in that browser window.

7. Se le ct Install.

8. From the HP SKM key manager main page, select the Device tab.

9. Select Cluster under Device Configuration.

10. Select Join Cluster.

11. Type the original cluster member’s IP address into Cluster Member IP. This is the IP address

designated as the local IP address that you recorded for this step in “Creating an SKM Key

vault High Availability cluster”

12. Browse to the location of the temporary cluster key file that you copied in “Creating an SKM

Key vault High Availability cluster” for the Cluster Key File.

13. Type the cluster password you recorded in “Creating an SKM Key vault High Availability cluster”

as the Cluster Password.

14. Select Join.

15. You are prompted to confirm the operation. Select Confirm.

The Cluster Configuration page displays, showing the cluster members.

Repeat the procedure to add more members, as needed. Delete the temporary cluster key file

when finished. You should also verify that the same server certificate configured for all cluster

members by selecting the Device tab, and select KMS Server Settings.

Signing the KAC certificate

The KAC certificate exported by the encryption switch or blade must be signed using the certificate

authority created in the “Setting up the local certificate authority” procedure.

1. Go to the location where the kac_skm_req.csr file was downloaded on an SCP-capable host.

You should have this location recorded and available, as described in “Exporting the KAC

certificate request”.

2. Open the file and copy the contents, beginning with

---BEGIN CERTIFICATE REQUEST--- and

ending with

---END CERTIFICATE REQUEST---. Be careful not to include any extra characters.

3. On the SKM key manager main page, select the Security tab.

4. Select Local CAs under Certificates & CAs.

The Certificate and CA Configuration page is displayed.

5. Under Local Certificate Authority List, select the CA Name for the CA created in “Setting up the

local certificate authority”.

6. Select Sign Request.

The Sign Certificate Request page is displayed.