Manualshelf

Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)

ManualsBrandsHP ManualsSoftwareHP B-series Data Center Fabric Manager Enterprise Software
481482483484485486487488489490
Brocade Network Advisor SAN User Manual 441
53-1002167-01
Encryption node initialization and certificate generation
18
Encryption node initialization and certificate generation
When an encryption node is initialized, the following security parameters and certificates are
generated:
FIPS crypto officer
FIPS user
Node CP certificate
A signed Key Authentication Center (KAC) certificate
A KAC Certificate Signing Request (CSR)
From the standpoint of external SAN management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a
configuration.
Encryption nodes may also be initialized from the Encryption Center dialog box.
1. Select a switch from the Encryption Center Devices table, then select Switch > Init Node from
the menu task bar, or right-click a switch and select Init Node.
A warning displays (Figure 162).
FIGURE 162 Warning message
2. Select Yes to initialize the node.