Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)
DCFM Enterprise User Manual 635
53-1001357-01
Registering the certificates
A
Registering the certificates
Examples below are for the two Thales key vaults installed. Commands assume the exported
signed certificates were saved as brcduser1@ncka-1 and brcduser1@ncka-2 for the primary and
secondary key vaults and the data port IP addresses are 10.32.44.112 and 10.32.44.114.
1. Set the key vault type.
cryptocfg --set -keyvault NCKA
2. Register the signed KAC certificates.
cryptocfg --reg -KACcert brcduser1@ncka-1.pem primary
cryptocfg -reg -KACcert brcduser1@ncka-2.pem secondary
3. Register the primary and secondary key vault certificates and data port IP addresses.
cryptocfg --reg -keyvault NCKA_CA1 brcduser1@ncka-1.pem 10.32.44.112 primary
cryptocfg --reg -keyvault NCKA_CA2 brcduser1@ncka-2.pem 10.32.44.114 secondary
NOTE
The signed certificate file contains both the client and keyvault CA certificates so the same file
name is used for both the keyvault and KACcert registration.
4. Repeat steps one and two for each encryption group member.
5. Display the group configuration to verify values
cryptocfg --show -groupcfg