Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

53-1002747-02
From the standpoint of external SAN management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
1. Initialize the Brocade Encryption Switch node.
SecurityAdmin:switch> cryptocfg --initnode
Operation succeeded.
2. Initialize the new encryption engine.
SecurityAdmin:switch> cryptocfg --initEE [slotnumber]
Operation succeeded.
3. Register the encryption engine.
SecurityAdmin:switch> cryptocfg --regEE [slotnumber]
Operation succeeded.
4. Enable the encryption engine.
SecurityAdmin:switch> cryptocfg --enableEE [slotnumber]
Operation succeeded.
5. Check the encryption engine state using the following command to ensure the encryption
engine is online:
SecurityAdmin:switch> cryptocfg --show -localEE
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
After installing the SSKM KeySecure appliance, you must complete the following steps before the
Brocade Encryption Switch can be configured with the SSKM appliance. Once these steps are
completed, proceed to
“Configuring the Brocade Encryption Switch key vault setup (SafeNet
NOTE
If you are configuring two key secure nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.
The following is a suggested order of steps needed to create a secure connection to the KMIP
appliance.
1. Set FIPS compliance. (Refer to
2. Create a local CA. (Refer to
3. Create a server certificate. (Refer to
“Creating a server certificate”
4. Create a cluster. (Refer to
5. Back up the certificates. (Refer to