Brocade Fabric OS Encryption Administrator's Guide v6.3.0 (53-1001341-02, July 2009)
Thales Encryption Manager for Storage
1. Open the Thales key vault in a web browser and log in as manager.
2. Create a group to be used for managing Brocade encryption switches and blades. This group
must be named brocade. This only needs to be done once for each key vault.
3. Click the Client tab.
4. Click the Add Client tab.
5. Enter the Brocade user name from the previous procedure “Generating the Brocade user
name and password” in the Name field.
6. Enter the password from the previous procedure “Generating the Brocade user name and
password” in the Password and Verify Password fields.
7. Select the group brocade from the group menu.
8. Click Add Client.
A client user is created. Verify the user just created is listed in the table. Continue with “Signing
the CSR”.
Signing the CSR
1. Export the certificate signing request (CSR) for each encryption group member,
using the following command.
cryptocfg --export -scp -KACcsr <host IP> <user name> <file path>
NOTE
On some host systems this request does not work. If that is true for your system, copy the .csr file
above manually to the workstation you are using to interface with the key vault.
2. Under the certificate column in the user table, click on the pen icon for the newly created user.
The Sign Certificate Request page is displayed.
3. Either enter the .csr file name exported from the switch in the above steps in the From file box,
or cut and paste the .csr file contents to the From text box and click sign.
4. Under the Certificate column click on the export icon (globe with an arrow).
A web browser file save dialog displays.
5. Click save and enter the destination file location for this signed certificate. For example,
brcduser1@ncka-1.pem for the primary keyvault and brcduser1@ncka-2.pem for the
secondary keyvault.
6. Perform the above steps for both the primary and secondary key vaults using the same user
name, password, and group.
NOTE
The same CSR file is used for both the primary and secondary key vaults; however, the signed
certificates exported from the two key vaults are different and must be independently registered
as indicated in the steps below.
7. Import the signed certificate back into the switch.
cryptocfg --import -scp <local file> <host IP> <host user name> <host file path>
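A check worth running on the workstation before step 7, as an added example that is not part of the Brocade guide: it uses openssl to confirm that each signed certificate carries the public key from the exported CSR and that the primary and secondary files are different certificates. It assumes the CSR and certificates are PEM files; kac.csr and the throwaway CAs created by make_demo are constructed stand-ins for the switch export and the two key vaults.

```shell
# Print the public key (PEM) carried by a CSR or a certificate file.
pubkey_of() {
    if grep -q 'CERTIFICATE REQUEST' "$1"; then
        openssl req -in "$1" -noout -pubkey
    else
        openssl x509 -in "$1" -noout -pubkey
    fi
}

# Succeed only if the certificate was issued for the key in the CSR.
cert_matches_csr() {   # usage: cert_matches_csr <csr> <cert>
    csr_key=$(pubkey_of "$1") || return 2
    crt_key=$(pubkey_of "$2") || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# Check the certificates saved from the primary and secondary key vaults.
check_vault_pair() {   # usage: check_vault_pair <csr> <primary> <secondary>
    cert_matches_csr "$1" "$2" || { echo "primary: not issued for this CSR"; return 1; }
    cert_matches_csr "$1" "$3" || { echo "secondary: not issued for this CSR"; return 1; }
    fp1=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    fp2=$(openssl x509 -in "$3" -noout -fingerprint -sha256) || return 2
    # Each vault signs independently, so identical fingerprints mean the
    # same file was saved under both names.
    [ "$fp1" != "$fp2" ] || { echo "both files hold the same certificate"; return 1; }
    echo "ok"
}

# Constructed stand-ins (assumption): one CSR plus a certificate from each of
# two throwaway CAs playing the primary and secondary key vaults.
make_demo() {   # usage: make_demo <dir>
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=brcduser1" \
        -keyout "$d/sw.key" -out "$d/kac.csr" 2>/dev/null || return 1
    for n in 1 2; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ncka-$n" \
            -keyout "$d/ca$n.key" -out "$d/ca$n.pem" 2>/dev/null || return 1
        openssl x509 -req -in "$d/kac.csr" -CA "$d/ca$n.pem" -CAkey "$d/ca$n.key" \
            -CAcreateserial -days 1 -out "$d/brcduser1@ncka-$n.pem" 2>/dev/null || return 1
    done
}
```

On real files, call check_vault_pair with the exported .csr and the two saved .pem files; anything other than "ok" means a certificate should be exported again before it is imported into the switch.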