beautypg.com

Dell POWEREDGE M1000E User Manual

Page 180

background image

148

Fabric OS Command Reference

53-1001764-02

cryptoCfg

2

host IP | host_name

Specifies the IP address of the host to which the file is to be exported. To
specify the host by name, it must first be configured with dnsconfig.

host_username

Specifies the user name for the host. Depending on your host
configuration, the command may prompt for a password.

host_file_path Specifies the fully qualified path to the file on the host to which the file is

to be exported. This includes the file name. Make sure to name your
certificates so you can track the file type and the originator switch, for
example, name_cpcert.pem.

-usb

Exports a specified certificate to a mounted USB storage device. When -usb is
specified, the following operands are required:

dest_filename

Specifies the name of the file on the USB device to which the file is to be
exported. The file is stored in a predetermined default directory on the
storage device.

Specify one of the following certificates to be exported. Certificates must be
specified by file type. Referring to certificates by file name is not permitted.
These file types are valid both with the -scp and with the -usb options.

-dhchallenge vault_IP_address

Exports the DH Challenge file for the specified key vault.

-currentMK

Exports the current master key file.

-KACcert

Exports the KAC certificate.

-KACcsr

Exports the certificate sign request file. Use cryptocfg –-reg –KACcert to
register the certificate on the node after it has been signed and
reimported. This procedure must be performed for all nodes that
participate in a two-way certificate exchange-based authentication
mechanism with key vaults. Two-way certificate exchange is supported
only for the RKM, HP SKM, and NCKA key vaults.

-CPcert

Exports the member node CP certificate.

--

import

Imports a certificate from a specified external host or from a mounted USB
storage device to a predetermined directory on the local encryption switch or
blade. This command is valid on all nodes.

Files to be imported include member node CP certificates and key vault
certificates. Use the cryptocfg --show -file -all command to view all imported
files. The following operands are supported with the --import command:

-scp

Imports a specified certificate from an external host using the secure copy
(SCP) protocol. When -scp is specified, the following operands are required:

local_name

Specifies the name to be assigned to the imported certificate. This is a
user-generated file name.

host_IP | host_name

Specifies the IP address or name of the host from which to import the
file. To specify the host by name, it must first be configured with
dnsconfig.

See also other documents in the category Dell Computer Accessories: