
Table 7 SSL certificate files, Choosing a CA, Table 8 Recommended CAs – HP Brocade 4Gb SAN Switch for HP BladeSystem p-Class User Manual

Page 55: Generating a public/private key, Table 7 SSL certificate files, Table 8 Recommended CAs


Fabric OS 5.0.0 procedures user guide


You can request a certificate from a CA through a Web browser. After you request a certificate, the CA either sends certificate files by e-mail (public) or gives access to them on a remote host (private). Typically, the CA provides the certificate files listed in Table 7.

4. On each switch:
   a. Install the certificate.
   b. Activate the certificate.

5. If necessary, install the root certificate to the browser on the management workstation.

6. Add the root certificate to the Java Plug-in keystore on the management workstation.

Choosing a CA

To ease maintenance and allow secure out-of-band communication between switches, consider using one CA to sign all management certificates for a fabric. If you use different CAs, management services operate correctly, but the Web Tools Fabric Events button is unable to retrieve events for the entire fabric.

Table 8 lists recommended Certificate Authorities. Each CA has slightly different requirements; for example, some generate certificates based on IP address, while others require an FQDN, and most require a 1024-bit public/private key while some might accept a 2048-bit key. Consider your fabric configuration, check CA Web sites for requirements, and gather all the information that the CA requires.
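As an added example (not from the Fabric OS guide), the shell functions below check the certificate files a CA returns before they are installed on the switches: the key size, that name.crt chains to nameRoot.crt, and that every switch certificate in the fabric has the same issuer. They assume the OpenSSL command-line tool on the management workstation and PEM-encoded files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Fabric OS guide: workstation-side checks on the
# files a CA returns (Table 7) before installing them on the switches.
# Assumptions: OpenSSL CLI available, certificates are PEM-encoded.

# Print the issuer DN of a certificate file.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

# Print the public key size in bits (for example 1024 or 2048).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the switch certificate verifies up to the root certificate.
# Usage: chains_to_root nameRoot.crt name.crt [nameCA.crt]
# The optional third file is an intermediate CA certificate, if the CA uses one.
chains_to_root() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

# Succeed only if every listed switch certificate was issued by the same CA,
# the condition under which Fabric Events can be retrieved for the whole fabric.
# Usage: same_issuer sw1.crt sw2.crt ...
same_issuer() {
    first=$(cert_issuer "$1")
    [ -n "$first" ] || return 2
    shift
    for c in "$@"; do
        if [ "$(cert_issuer "$c")" != "$first" ]; then
            echo "issuer differs from first certificate: $c" >&2
            return 1
        fi
    done
    return 0
}
```

Source the file on the management workstation and call the functions with the files received from the CA; a non-zero exit status from chains_to_root or same_issuer means the files should not be installed as they are.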

Generating a public/private key

Perform this procedure on each switch:

1. Connect to the switch and log in as admin.

2. Issue the following command to generate a public/private key pair:

   switch:admin> seccertutil genkey

   The system reports that this process disables secure protocols, deletes any existing CSR, and deletes any existing certificates.

Table 7 SSL certificate files

Certificate file | Description
name.crt         | The switch certificate.
nameRoot.crt     | The root certificate. Typically, this certificate is already installed in the browser, but if not, you must install it.
nameCA.crt       | The CA certificate. It is not necessary to install this, but you can if you want the CA name to be displayed in the browser window.

Table 8 Recommended CAs

Certificate authority | Web site
Verisign              | www.verisign.com
Entrust               | www.entrust.com
InstantSSL            | www.instantssl.com
GeoTrust              | www.geotrust.com