Generating the key and csr for fcap, Exporting the csr for fcap, Importing ca for fcap – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

ATTENTION

Only the .pem file is supported for FCAP authentication.

Certificate File    Description
nameCA.pem          The CA certificate. It must be installed on the remote and local switch to verify the validity of the switch certificate or switch validation fails.
name.pem            The switch certificate.

5. On each switch, install the CA certificate before installing the switch certificate.
6. After the CA certificate is installed, install the switch certificate on each switch.
7. Update the switch database for peer switches to use third-party certificates.
8. Use the newly installed certificates by starting the authentication process.

Generating the key and CSR for FCAP

The public/private key and CSR have to be generated for the local and remote switches that will
participate in the authentication. In FCAP, one command is used to generate the public/private key,
the CSR, and the passphrase.

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the PKI RBAC class of commands.

2. Enter the secCertUtil generate -fcapall -keysize command on the local switch.

switch:admin> seccertutil generate -fcapall -keysize 1024

WARNING!!!

About to create FCAP:

ARE YOU SURE (yes, y, no, n): [no] y

Installing Private Key and Csr...

Switch key pair and CSR generated...

3. Repeat step 2 on the remote switch.

Exporting the CSR for FCAP

You will need to export the CSR file created in the "Generating the key and CSR for FCAP" section on page 229 and send it to a Certificate Authority (CA). The CA will in turn provide two files as outlined in "FCAP configuration overview" on page 228.

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the PKI RBAC class of commands.

2. Enter the secCertUtil export -fcapswcsr command.

switch:admin> seccertutil export -fcapswcsr

Select protocol [ftp or scp]: scp

Enter IP address: 10.1.2.3

Enter remote directory: /myHome/jdoe/OPENSSL

Enter Login Name: jdoe

jdoe@10.1.2.3's password:

Success: exported FCAP CA certificate

Importing CA for FCAP

Once you receive the files back from the Certificate Authority, you will need to install or import them
onto the local and remote switches.
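
Before importing, the two files returned by the CA can be checked on the workstation that holds the exported CSR. The following is an added example, not part of the Brocade guide: it assumes the OpenSSL command-line tool is available there, and the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import checks for the files a CA returns for FCAP.
# Assumes the openssl CLI; all file and function names are hypothetical.

# check_fcap_files CA_PEM SWITCH_PEM CSR_PEM
# Returns 0 if every check passes, otherwise the number of the failed check.
check_fcap_files() {
    ca=$1 cert=$2 csr=$3
    # 1. Only .pem is supported: both files must carry PEM certificate armor.
    for f in "$ca" "$cert"; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
            { echo "FAIL: $f is not a PEM certificate"; return 1; }
    done
    # 2. The CSR's self-signature must verify (request intact after export).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify"; return 2; }
    # 3. The switch certificate must chain to the CA certificate, which is
    #    what the peer switch checks once the CA certificate is installed.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; return 3; }
    # 4. The certificate must carry the public key from this switch's CSR,
    #    otherwise it will not match the private key held on the switch.
    k1=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    k2=$(openssl req -in "$csr" -noout -pubkey | openssl sha256)
    [ "$k1" = "$k2" ] ||
        { echo "FAIL: certificate key does not match the CSR"; return 4; }
    echo "OK: install $ca first, then $cert"
}

# make_sample DIR
# Constructed test material only: a throwaway CA plus CSRs and certificates
# for a "local" and a "remote" switch, standing in for real exported files.
make_sample() {
    dir=$1; mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/testCA.pem" 2>/dev/null
    for s in local remote; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$s-switch" \
            -keyout "$dir/$s.key" -out "$dir/$s.csr" 2>/dev/null
        openssl x509 -req -in "$dir/$s.csr" -CA "$dir/testCA.pem" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
            -out "$dir/$s.pem" 2>/dev/null
    done
}
```

Run check_fcap_files once per switch, pairing each returned certificate with the CSR exported from that same switch.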

Fabric OS Administrators Guide

53-1003130-01