Register the kac certificate, Verify connectivity – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Page 174

156

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)

1. Enter the following command for the primary KeySecure node.

helium_mace190:root> cryptocfg --reg -KACcert helsinki_190_sskm_10.pem primary
Register KAC status: Operation Succeeded.

2. Enter the following command for the secondary KeySecure node. (if a secondary KeySecure

node is being used).

helium_mace190:root> cryptocfg --reg -KACcert helsinki_190_sskm_10.pem
secondary
Register KAC status: Operation Succeeded.

1. Register the key vault as the primary key vault using the following command.

helium_mace190:root> cryptocfg --reg -keyvault SSKM_10 local_ca_SSKM_10.pem
10.38.145.10 primary
Register key vault status: Operation Succeeded.
helium_mace190:root>

2. Register the secondary KV, if a secondary key vault is being used.

helium_mace190:root> cryptocfg --reg -keyvault SSKM_10 local_ca_SSKM_10.pem
10.38.146.10 secondary
Register key vault status: Operation Succeeded.
helium_mace190:root>

Verify connectivity

Check connectivity using the cryptocfg

groupcfg command.

helium_mace190:root> cryptocfg --sh -groupcfg
Encryption Group Name:c1
Failback mode:Auto
Replication mode:Disabled
Heartbeat misses:3
Heartbeat timeout:2
Key Vault Type:KMIP
System Card:Disabled
Primary Key Vault:
IP address:10.38.145.10
Certificate ID:LKM10_CA
Certificate label:SSKM_10
State:Connected
Type:KMIP
Secondary Key Vault not configured
Additional Primary Key Vault Information::

Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: N/A
Time of Day on Key Server: N/A
Server SDK Version: SafeNet, Inc.

Additional Secondary Key Vault Information:

Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: N/A