Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)
634 DCFM Enterprise User Manual
53-1001357-01
Signing the CSR
A
Signing the CSR
1. Export the certificate signing request (CSR) certificate from the switch.
Cryptocfg -export -scp -KACsr <host IP> <user name> <file path>
NOTE
On some host systems this request does not work. If that is true for your system, copy the .csr file
above manually to the workstation you are using to interface with the key vault.
2. Under the certificate column in the user table, click on the pen icon for the newly created user.
The Sign Certificate Request page is displayed.
3. Either enter the .csr file name exported from the switch in the above steps in the From file box,
or cut and paste the .csr file contents to the From text box and click sign.
4. Under the Certificate column click on the export icon (globe with an arrow).
A web browser file save dialog displays
5. Click save and enter the destination location for this signed certificate. For example;
brcduser1@ncka-1.pem for the primary keyvault and brcduser1@ncka-2.pem for the
secondary keyvault.
6. Perform the above steps for both the primary and secondary key vaults using the same user
name, password, and group.
NOTE
the same CSR file is used for both the primary and secondary key vaults; however, the signed
certificate exported from the two key vaults are different and must be independently registered
as indicated in the steps below.
7. Import the signed certificates back into the switch.
cryptocfg -import -scp <local file> <host IP> <host user name> <host file
path>
NOTE
On some systems the scp (secure copy) may not work, in this case copy the signed certificate
file above to: /etc/fabos/certs/mace/
8. Repeat steps one through six for all member nodes in the encryption group.