Importing the FCAP switch certificate, Starting FCAP authentication – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
Page 230

1. Log in to the switch using an account with admin permissions, or an account associated with the
chassis role and having OM permissions for the PKI RBAC class of commands.
2. Enter the secCertUtil import -fcapcacert command and verify the CA certificates are consistent on
both local and remote switches.
switch:admin> seccertutil import -fcapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 10.1.2.3
Enter remote directory: /myHome/jdoe/OPENSSL
Enter certificate name (must have a ".pem" suffix):CACert.pem
Enter Login Name: jdoe
jdoe@10.1.2.3's password:
Success: imported certificate [CACert.pem].
Importing the FCAP switch certificate
ATTENTION
The CA certificates must be installed prior to installing the switch certificate.
1. Log in to the switch using an account with admin permissions, or an account associated with the
chassis role and having OM permissions for the PKI RBAC class of commands.
2. Enter the secCertUtil import -fcapswcert command.
switch:admin> seccertutil import -fcapswcert
Select protocol [ftp or scp]: scp
Enter IP address: 10.1.2.3
Enter remote directory: /myHome/jdoe/OPENSSL
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):01.pem
Enter Login Name: jdoe
jdoe@10.1.2.3's password:
Success: imported certificate [01.pem].
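Before running the two imports above, the certificate files can be checked on the host that serves them over scp or ftp. The script below is an added example, not part of the Brocade guide: the function names are hypothetical, and it assumes the openssl command-line tool is installed on that host and that both files are X.509 certificates in PEM form (a .psk file is not covered by the chain check).

```shell
#!/bin/sh
# Added example (not from the Fabric OS guide). Function names are hypothetical.
# Usage: sh fcap_preflight.sh CACert.pem 01.pem

# Succeeds if the file name has a suffix the import prompt accepts.
# $1 = "ca" (secCertUtil import -fcapcacert) or "sw" (-fcapswcert), $2 = file name
fcap_suffix_ok() {
    case "$1:$2" in
        ca:*.pem) return 0 ;;
        sw:*.crt|sw:*.cer|sw:*.pem|sw:*.psk) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the SHA-256 fingerprint of a PEM certificate (empty if unreadable).
# Compare this value for the CA certificate used on the local and remote switch.
fcap_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeeds only if the switch certificate ($2) verifies against the CA ($1).
fcap_chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Runs the checks in the order the procedure requires: CA certificate first.
# Return codes: 1 bad CA suffix, 2 bad switch suffix, 3 unreadable CA, 4 chain failure.
fcap_preflight() {
    ca=$1; sw=$2
    fcap_suffix_ok ca "$(basename "$ca")" ||
        { echo "CA file needs a .pem suffix" >&2; return 1; }
    fcap_suffix_ok sw "$(basename "$sw")" ||
        { echo "switch certificate suffix is not accepted" >&2; return 2; }
    [ -n "$(fcap_fingerprint "$ca")" ] ||
        { echo "CA file is not a readable PEM certificate" >&2; return 3; }
    fcap_chain_ok "$ca" "$sw" ||
        { echo "switch certificate does not verify against the CA" >&2; return 4; }
    echo "CA SHA-256 fingerprint: $(fcap_fingerprint "$ca")"
}

# Run the checks when called with the two file names.
if [ "$#" -eq 2 ]; then
    fcap_preflight "$1" "$2"
fi
```

Record the printed fingerprint for each switch's CA file; matching values show that both switches are importing the same CA certificate.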
Starting FCAP authentication
1. Log in to the switch using an account with admin permissions, or an account with OM permissions
for the Authentication RBAC class of commands.
2. Enter the authUtil --authinit command to start the authentication using the newly imported
certificates. (This command is not supported in Access Gateway mode.)
3. Enter the authUtil --policy -sw command with either the active or on option.
authutil --policy -sw active
This makes the changes permanent and forces the switch to request authentication. (For Access
Gateway mode, the defaults for sw policy and dev policy are off, and there is no passive option for
sw policy.)
NOTE
This authentication-policy change does not affect online EX_Ports.
Fabric-wide distribution of the authorization policy
The AUTH policy can be manually distributed to the fabric by command; there is no support for
automatic distribution. To distribute the AUTH policy, see Distributing the local ACL policies on
page 240 for instructions.
Fabric OS Administrators Guide
53-1003130-01