Signing the encryption node kac csr on kmip, Signing the, Encryption node kac csr on kmip – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 60
42
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Steps for connecting to a KMIP appliance (SafeNet KeySecure)
2
Signing the encryption node KAC CSR on KMIP
The KAC certificate signing request generated when the encryption node is initialized must be
exported for each encryption node and signed by the Brocade local CA on KMIP. The signed
certificate must then be imported back into the encryption node.
1. Select Configure > Encryption from the menu task bar to display the The Encryption Center
dialog box (Refer to
2. Select a switch from the Encryption Center Devices table, then select Switch > Export
Certificate, from the menu task bar.
The Export Switch Certificate dialog box displays.
3. Select Public Key Certificate Request (CSR), then click OK.
You are prompted to save the CSR, which can be saved to your SAN Management Program
client PC, or an external host of your choosing.
Alternatively, you may select a switch, then select Switch > Properties. Click the Export button
beside the Public Key Certificate Request, or copy the CSR for pasting into the Certificate
Request Copy area on the KMIP Sign Certificate Request page.
4. Launch the KMIP administration console in a web browser and log in.
5. From the SSKM Management Console, select the Security tab, then select CAs & SSL
Certificates > Local CAs.
6. The Certificate and CA Configuration page displays.
7. Under Local Certificate Authority List, select the local CA name, and verify that its CA Status is
shown as Active.
8. Click Sign Request.
The Sign Certificate Request page displays (