Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)

Steps for connecting to an RKM appliance
Submitting the CSR to a certificate authority
The CSR must be submitted to a CA to be signed. The certificate authority is a trusted third-party
entity that signs the CSR. There are several CAs available and procedures vary, but the general
steps are as follows:
1. Open an SSL connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA:
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/<Switch CSR Name> -days 365 \
-CA cacert.pem -CAkey private/cakey.pem -out newcerts/<Switch Cert Name>
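A pre-import check for the certificate the CA returns, as an added example that is not part of the manual: it confirms that the signed certificate verifies against the CA certificate and certifies the same public key as the submitted CSR. The function names, file names, and the throwaway CA built by make_demo_pki (which signs with SHA-256) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: checks to run on a CA-signed certificate before importing it.

# verify_signed_cert <csr> <signed-cert> <ca-cert>
# Returns 0 if the certificate chains to the CA and certifies the CSR's key,
# 1 if the chain check fails, 2 if the public keys differ or cannot be read.
verify_signed_cert() {
    csr=$1; cert=$2; cacert=$3

    # 1. Signature and validity period must verify against the CA certificate.
    openssl verify -CAfile "$cacert" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $cacert" >&2; return 1; }

    # 2. The certified public key must be the one in the CSR that was submitted.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || csr_key=""
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_key=""
    if [ -z "$csr_key" ] || [ "$csr_key" != "$cert_key" ]; then
        echo "FAIL: public key in $cert does not match $csr" >&2; return 2
    fi

    # 3. Print what is about to be imported, for the change record.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate -fingerprint -sha256
}

# make_demo_pki <dir>: constructed sample data only. Builds a throwaway CA,
# a key and CSR standing in for the switch, and a certificate signed the
# same way as the command above (SHA-256 is used for the demo signature).
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 30 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-switch" \
        -keyout "$d/switch.key" -out "$d/switch.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -CAcreateserial -in "$d/switch.csr" -days 30 \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -out "$d/switch.pem" 2>/dev/null
}

# Demo run on the constructed data.
tmp=$(mktemp -d) && make_demo_pki "$tmp" &&
    verify_signed_cert "$tmp/switch.csr" "$tmp/switch.pem" "$tmp/cacert.pem"
rm -rf "$tmp"
```

In real use, pass the CSR exported from the switch, the certificate returned by the CA, and the CA certificate that will also be uploaded to the key vault.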
Importing the signed KAC certificate
After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported
into the switch.
1. Select a switch from the Encryption Center Devices table, then select Switch > Import
Certificate from the menu task bar, or right-click a switch and select Import Certificate.
The Import Signed Certificate dialog box displays (Figure 163).
FIGURE 163 Import Signed Certificate dialog box
2. Browse to the location where the signed certificate is stored.
3. Click OK.
The signed certificate is stored on the switch.
Uploading the KAC and CA certificates onto the RKM appliance
After an encryption group is created, you need to install the switch public key certificate (KAC
certificate) and signing authority certificate (CA certificate) on the RKM appliance.
1. Open a web browser and connect to the RKM appliance setup page. You will need the URL, the
proper authority level, a user name, and a password.
2. Select the Operations tab.
3. Select Certificate Upload.
4. In the SSLCAcertificateFile field, enter the full local path of the CA certificate. Do not use the
UNC naming convention format.