Register the kac certificate, Verify connectivity – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 174

156
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Configuring the Brocade Encryption Switch key vault setup (SafeNet KeySecure)
3
Register the KAC certificate
1. Enter the following command for the primary KeySecure node.
helium_mace190:root> cryptocfg --reg -KACcert helsinki_190_sskm_10.pem primary
Register KAC status: Operation Succeeded.
2. Enter the following command for the secondary KeySecure node. (if a secondary KeySecure
node is being used).
helium_mace190:root> cryptocfg --reg -KACcert helsinki_190_sskm_10.pem
secondary
Register KAC status: Operation Succeeded.
Register the key vaults as primary and secondary key vaults
1. Register the key vault as the primary key vault using the following command.
helium_mace190:root> cryptocfg --reg -keyvault SSKM_10 local_ca_SSKM_10.pem
10.38.145.10 primary
Register key vault status: Operation Succeeded.
helium_mace190:root>
2. Register the secondary KV, if a secondary key vault is being used.
helium_mace190:root> cryptocfg --reg -keyvault SSKM_10 local_ca_SSKM_10.pem
10.38.146.10 secondary
Register key vault status: Operation Succeeded.
helium_mace190:root>
Verify connectivity
Check connectivity using the cryptocfg
--
sh
-
groupcfg command.
helium_mace190:root> cryptocfg --sh -groupcfg
Encryption Group Name:c1
Failback mode:Auto
Replication mode:Disabled
Heartbeat misses:3
Heartbeat timeout:2
Key Vault Type:KMIP
System Card:Disabled
Primary Key Vault:
IP address:10.38.145.10
Certificate ID:LKM10_CA
Certificate label:SSKM_10
State:Connected
Type:KMIP
Secondary Key Vault not configured
Additional Primary Key Vault Information::
Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: N/A
Time of Day on Key Server: N/A
Server SDK Version: SafeNet, Inc.
Additional Secondary Key Vault Information:
Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: N/A