Obtaining and importing the LKM/SSKM certificate – Brocade Network Advisor SAN + IP User Manual v12.1.0
Brocade Network Advisor SAN + IP User Manual
53-1002949-01
Steps for connecting to an LKM/SSKM appliance
Obtaining and importing the LKM/SSKM certificate
Certificates must be exchanged between the LKM/SSKM appliance and the encryption switch to
enable mutual authentication. You must obtain a certificate from the LKM/SSKM appliance and
import it into the encryption Group Leader. The encryption Group Leader exports the certificate to
other encryption group members.
To obtain and import an LKM/SSKM certificate, complete the following steps:
1. Open an SSH connection to the NetApp LKM/SSKM appliance and log in.
host$ ssh [email protected]
[email protected]'s password:
Copyright (c) 2001-2009 NetApp, Inc.
All rights reserved
+--------------------------------+
| NetApp Appliance Management CLI |
| Authorized use only! |
+--------------------------------+
Cannot read termcap database;
using dumb terminal settings.
Checking system tamper status:
No physical intrusion detected.
2. Add the Group Leader to the LKM/SSKM key sharing group. Enter lkmserver add --type
third-party --key-sharing-group "/" followed by the Group Leader IP address.
lkm-1> lkmserver add --type third-party --key-sharing-group \
"/" 10.32.244.71
NOTICE: LKM Server third-party 10.32.244.71 added.
Cleartext connections not allowed.
3. On the NetApp LKM appliance terminal, enter sys cert getcert-v2 to display the LKM certificate
content.
lkm-1> sys cert getcert-v2
-----BEGIN CERTIFICATE-----
[content removed]
-----END CERTIFICATE-----
4. Copy and paste the LKM/SSKM certificate content from the NetApp LKM/SSKM appliance
terminal into an editor buffer. Save the file as lkmcert.pem on the SCP-capable host. Save the
entire certificate, including the lines -----BEGIN CERTIFICATE----- and
-----END CERTIFICATE-----.
5. If you are using the Management application, the path to the file must be specified in the
Select Key Vault dialog box when creating a Group Leader. If the proper path is entered, the file
is imported.
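
A check for step 4, added here as an example (it is not part of the Brocade or NetApp documentation): this Python code confirms that the text saved as lkmcert.pem still has both delimiter lines, a clean base64 body, and a decoded length that matches the DER header, so a truncated or mangled terminal paste is caught before import. The function names and the sample data are constructed for illustration; the sample is a stand-in, not a real certificate.

```python
import base64
import binascii
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def der_total_length(der):
    """Total size declared by the outer DER SEQUENCE header, or None if absent."""
    if len(der) < 2 or der[0] != 0x30:          # 0x30 = SEQUENCE tag
        return None
    first = der[1]
    if first < 0x80:                            # short-form length
        return 2 + first
    n = first & 0x7F                            # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text):
    """Return (sha256_hex_or_None, problems) for pasted certificate text."""
    # splitlines() accepts LF and CRLF; strip() drops trailing terminal padding
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        return None, ["need exactly one BEGIN and one END CERTIFICATE line"]
    start, stop = lines.index(BEGIN), lines.index(END)
    problems = []
    if start != 0 or stop != len(lines) - 1:
        problems.append("extra text outside the BEGIN/END lines")
    try:
        der = base64.b64decode("".join(lines[start + 1:stop]), validate=True)
    except binascii.Error:
        return None, problems + ["body is not valid base64"]
    declared = der_total_length(der)
    if declared is None:
        problems.append("decoded data does not start with a DER SEQUENCE")
    elif declared != len(der):
        problems.append(f"DER length mismatch: header {declared}, decoded {len(der)}")
    return hashlib.sha256(der).hexdigest(), problems


def make_sample_pem():
    """Constructed stand-in, NOT a real certificate: SEQUENCE of 200 filler bytes."""
    der = bytes([0x30, 0x81, 0xC8]) + bytes(range(200))
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"
```

To check a saved file, pass its contents to check_pem, for example check_pem(open("lkmcert.pem").read()); an empty problems list means the framing and length are intact, and the returned SHA-256 value can be compared between copies of the file.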