
Registering LKM/SSKM on the encryption group leader – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual


Fabric OS Encryption Administrator’s Guide (LKM/SSKM)


53-1002925-01

Steps for connecting to an LKM/SSKM appliance


Registering LKM/SSKM on the encryption group leader

The LKM/SSKM CA certificate must be registered on the encryption group leader. The encryption
group leader sends this certificate to the encryption group members.

1. Set the key vault type to LKM.

SecurityAdmin:switch> cryptocfg --set -keyvault LKM

Set key vault status: Operation Succeeded

2. Register the key vault’s certificate on the group leader. The group leader automatically shares
this information with other group members. It may take around one minute to complete the
operation.

SecurityAdmin:switch> cryptocfg --reg -keyvault LKM_CA

primary

3. As the switches come up, enable the encryption engines.

SecurityAdmin:switch> cryptocfg --enableEE

Operation succeeded.

4. Use the cryptocfg --show -groupcfg command to verify that the key vault state is Connected.

switch:admin> cryptocfg --show -groupcfg
Encryption Group Name: dftest
Failback mode: Auto
Replication mode: Disabled
Heartbeat misses: 3
Heartbeat timeout: 2
Key Vault Type: LKM
System Card: Disabled

Primary Key Vault:
IP address: 10.32.49.200
Certificate ID: 3D2-LKM3-B05-200
Certificate label: LKM3
State: Connected
Type: LKM

Secondary Key Vault:
IP address: 10.32.49.201
Certificate ID: 3D2-LKM4-B05-201
Certificate label: LKM4
State: Connected
Type: LKM

Additional Primary Key Vault Information::
Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: 32579
Time of Day on Key Server: N/A
Server SDK Version: N/A
TrusteeId :

Additional Secondary Key Vault Information:
Key Vault/CA Certificate Validity: Yes
Port for Key Vault Connection: 32579
Time of Day on Key Server: N/A
Server SDK Version: N/A
TrusteeId :
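
The check in step 4 can be automated against saved command output. The following Python is an added example, not part of the Brocade guide: it parses the cryptocfg --show -groupcfg layout shown above and reports any key vault that is not Connected or whose CA certificate is not valid. The function names are hypothetical, and it assumes both a primary and a secondary key vault are configured, as in the output above.

```python
import re

# Abridged copy of the `cryptocfg --show -groupcfg` output shown above.
SAMPLE = """\
Key Vault Type: LKM
Primary Key Vault:
  Certificate label: LKM3
  State: Connected
Secondary Key Vault:
  Certificate label: LKM4
  State: Connected
Additional Primary Key Vault Information::
  Key Vault/CA Certificate Validity: Yes
  TrusteeId :
Additional Secondary Key Vault Information:
  Key Vault/CA Certificate Validity: Yes
"""

# Section headers as they appear in the output (one or two trailing colons).
HEADER = re.compile(r"^(Additional )?(Primary|Secondary) Key Vault( Information)?:+$")

def parse_groupcfg(text):
    """Return {section: {field: value}}; group-level fields go under 'Group'."""
    sections, current = {"Group": {}}, "Group"
    for line in map(str.strip, text.splitlines()):
        if HEADER.match(line):
            current = line.rstrip(":")
            sections[current] = {}
        elif ":" in line:
            key, _, value = line.partition(":")
            sections[current][key.strip()] = value.strip()
    return sections

def check_key_vaults(text, expected_type="LKM"):
    """List every reason the group is not ready; an empty list means step 4 passed."""
    cfg = parse_groupcfg(text)
    problems = []
    if cfg["Group"].get("Key Vault Type") != expected_type:
        problems.append("key vault type is not " + expected_type)
    # Assumption: both vaults are configured, so a missing section is a failure.
    for role in ("Primary", "Secondary"):
        vault = cfg.get(role + " Key Vault", {})
        extra = cfg.get("Additional " + role + " Key Vault Information", {})
        if vault.get("State") != "Connected":
            problems.append(f"{role} key vault state: {vault.get('State', 'missing')}")
        if extra.get("Key Vault/CA Certificate Validity") != "Yes":
            problems.append(f"{role} key vault certificate not valid")
    return problems
```

Treating a missing section or field as a failure means truncated or empty output cannot pass the check silently.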