Manualshelf

Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)

ManualsBrandsHP ManualsSoftwareHP B-series Data Center Fabric Manager Enterprise Software
661662663664665666667668669670
DCFM Enterprise User Manual 631
53-1001357-01
Signing the KAC certificate
A
14. Select Join.
15. You are prompted to confirm the operation. Select Confirm.
The Cluster Configuration page displays, showing the cluster members.
Repeat the procedure to add more members, as needed. Delete the temporary cluster key file
when finished. You should also verify that the same server certificate configured for all cluster
members by selecting the Device tab, and select KMS Server Settings.
Signing the KAC certificate
The KAC certificate exported by the encryption switch or blade must be signed using the certificate
authority created in the “Setting up the local certificate authority” procedure.
1. Go to the location where the kac_skm_req.csr file was downloaded on an SCP-capable host.
You should have this location recorded and available, as described in “Exporting the KAC
certificate request”.
2. Open the file and copy the contents, beginning with
---BEGIN CERTIFICATE REQUEST--- and
ending with
---END CERTIFICATE REQUEST---. Be careful not to include any extra characters.
3. On the SKM key manager main page, select the Security tab.
4. Select Local CAs under Certificates & CAs.
The Certificate and CA Configuration page is displayed.
5. Under Local Certificate Authority List, select the CA Name for the CA created in “Setting up the
local certificate authority”.
6. Select Sign Request.
The Sign Certificate Request page is displayed.
7. Sele ct Sign with Certificate Authority using the CA name with the maximum of 3649 days
option.
8. Select Client as Certificate Purpose.
9. Allow Certificate Duration to default to 3649.
10. Paste the file contents that you copied in step 2 in the Certificate Request Copy area.
11. Select Sign Request.
Upon success, you are presented with the option of downloading the signed certificate.
12. Download the signed certificate to your local system as signed_kac_skm_cert.pem.
This file is then ready to be downloaded to the encryption switch or blade.