Steps for connecting to a kmip-compliant safenet, Keysecure, Steps for connecting to a – Brocade Network Advisor SAN User Manual v12.3.0 User Manual

Page 795: Kmip-compliant safenet keysecure, Figure 286

Brocade Network Advisor SAN User Manual

743

53-1003154-01

Steps for connecting to a KMIP-compliant SafeNet KeySecure

FIGURE 286

Import Signed Certificate dialog box

3. Browse to the location where the signed certificate is stored, then click OK.

The signed certificate is stored on the switch.

Steps for connecting to a KMIP-compliant SafeNet KeySecure

With the introduction of Fabric OS 7.1.0, the Key Management Interoperability Protocol (KMIP)
KeySecure Management Console can be used on the switch. Any KMIP-compliant server can be
reregistered as a KMIP key vault on the switch after setting the key vault type to KMIP.

Currently, KMIP with SafeNet KeySecure 6.1 in native KMIP mode with the Brocade Encryption
Switch in KMIP mode is supported. All nodes in an encryption group should be running Fabric OS
7.1.0 and later for the key vault type to be set to KMIP.

After installing the SafeNet KeySecure appliance (also referred to as the KeySecure), you must
complete the following steps before the switch can be configured with the KeySecure. These steps
must be performed only once, in preparation for first-time configuration.

NOTE

If you are configuring two KeySecure nodes, you must complete step 1 through step 6 on the primary
node, then complete step 7 on the secondary node. If only a single node is being configured, step 7
is not needed.

The following suggested order of steps must be completed to create a secure connection to the
SafeNet KeySecure.

1. Set FIPS compliance. (Refer to

“Setting FIPS compliance”

on page 744.)

2. Create a local CA. (Refer to

“Creating a local CA”

on page 745.)

3. Create a server certificate. (Refer to

“Creating a server certificate”

on page 746.)

4. Create a cluster. (Refer to

“Creating a cluster”