Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)

Obtaining and importing the LKM certificate
Certificates must be exchanged between LKM and the encryption switch to enable mutual
authentication. You must obtain a certificate from LKM, and import it into the encryption group
leader. The encryption group leader exports the certificate to other encryption group members.
To obtain and import an LKM certificate, do the following.
1. Open an SSH connection to the NetApp LKM appliance and log in.
host$ ssh admin@10.33.54.231
admin@10.33.54.231's password:
Copyright (c) 2001-2009 NetApp, Inc.
All rights reserved
+--------------------------------+
| NetApp Appliance Management CLI |
| Authorized use only! |
+--------------------------------+
Cannot read termcap database;
using dumb terminal settings.
Checking system tamper status:
No physical intrusion detected.
2. Add the group leader to the LKM key sharing group. Enter lkmserver add --type third-party
--key-sharing-group "/" followed by the group leader IP address.
lkm-1>lkmserver add --type third-party --key-sharing-group \
"/" 10.32.244.71
NOTICE: LKM Server third-party 10.32.244.71 added.
Cleartext connections not allowed.
3. On the NetApp LKM appliance terminal, enter sys cert getcert-v2 to display the LKM certificate
content.
lkm-1> sys cert getcert-v2
-----BEGIN CERTIFICATE-----
[content removed]
-----END CERTIFICATE-----
4. Copy and paste the LKM certificate content from the NetApp LKM appliance terminal into an
editor buffer. Save the file as lkmcert.pem on the SCP-capable host. Save the entire certificate,
including the lines
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
5. On the group leader, import the previously saved LKM certificate from the SCP-capable host:
- If you are using the Management application, the path to the file must be specified on the
Select Key Vault dialog box. If the proper path is entered, the file is imported.
- If you are using the CLI, use the cryptocfg --import command with the -scp option. The
following example imports a certificate file named lkmcert.pem.
SecurityAdmin:switch>cryptocfg --import -scp lkmcert.pem 192.168.38.245 \
mylogin /tmp/certs/lkmcert.pem
Password:
Operation succeeded.
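
A pre-import check for the file saved in step 4, added here as an example and not part of the original manual: it confirms that lkmcert.pem holds exactly one certificate block with intact BEGIN and END lines and no prompt text captured by the copy and paste. The function names and the script name check_lkmcert.sh are assumptions, and show_cert relies on the openssl command being installed on the SCP-capable host.

```shell
#!/bin/sh
# Added example: sanity-check a pasted certificate file before importing it.
BEGIN_LINE='-----BEGIN CERTIFICATE-----'
END_LINE='-----END CERTIFICATE-----'

# check_pem FILE: succeeds only if FILE holds exactly one PEM certificate
# block with nothing but blank lines around it. Prints the reason on failure.
check_pem() {
    f=$1
    [ -r "$f" ] || { echo "cannot read file"; return 1; }
    # An editor may save the buffer with CRLF line endings.
    if grep -q "$(printf '\r')" "$f"; then
        echo "carriage returns present"; return 1
    fi
    # Each delimiter must appear once, alone on its line (-x), as literal text (-F).
    [ "$(grep -cxF -e "$BEGIN_LINE" "$f")" -eq 1 ] || { echo "BEGIN line missing, altered or repeated"; return 1; }
    [ "$(grep -cxF -e "$END_LINE" "$f")" -eq 1 ] || { echo "END line missing, altered or repeated"; return 1; }
    # Prompt or banner text captured with the paste shows up outside the block.
    [ "$(grep -v '^$' "$f" | head -n 1)" = "$BEGIN_LINE" ] || { echo "text before BEGIN line"; return 1; }
    [ "$(grep -v '^$' "$f" | tail -n 1)" = "$END_LINE" ] || { echo "text after END line"; return 1; }
    # Body lines must be non-empty base64 with at most two '=' of padding.
    awk -v b="$BEGIN_LINE" -v e="$END_LINE" '
        $0 == b { inside = 1; next }
        $0 == e { inside = 0; next }
        inside { n++; if ($0 !~ "^[A-Za-z0-9+/]+=?=?$") bad = 1 }
        END { exit (bad || n == 0) ? 1 : 0 }' "$f" || { echo "body is empty or not base64"; return 1; }
    echo "ok"
}

# show_cert FILE: if openssl is installed, confirm the block parses as X.509
# and print subject, expiry and SHA-256 fingerprint for the operator to review.
show_cert() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; return 0; }
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# Usage: sh check_lkmcert.sh /tmp/certs/lkmcert.pem
if [ "$#" -gt 0 ]; then
    check_pem "$1" && show_cert "$1"
fi
```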