Brocade Network Advisor SAN User Manual v11.1x (53-1002167-01, May 2011)

ManualsBrandsHP ManualsSoftwareHP B-series SAN Network Advisor Software

501

502

503

504

505

506

507

508

509

510

Brocade Network Advisor SAN User Manual 461

53-1002167-01

Steps for connecting to an SKM appliance

Signing the Brocade encryption node KAC certificates

1. The KAC certificate signing request generated when the encryption node is initialized must be

exported for each encryption node and signed by the Brocade local CA on SKM. The signed

certificate must then be imported back into the encryption node.

2. Select Configure > Encryption from the menu task bar.

The Encryption Center dialog box displays.

3. Select a switch from the Encryption Center Devices table, then select Switch > Export

Certificate, from the menu task bar, or right-click a switch and select Export Certificate.

The Export Switch Certificate dialog box displays.

4. Select Public Key Certificate Request (CSR), then click OK.

You are prompted to save the CSR, which can be saved to your SAN Management Program

client PC, or an external host of your choosing.

Alternatively, you may select a switch, then select Switch > Properties. Click the Export button

beside the Public Key Certificate Request, or copy the CSR for pasting into the Certificate

Request Copy area on the SKM Sign Certificate Request page.

5. Launch the SKM administration console in a web browser and log in.

6. Select the Security tab.

7. Sel ec t Local CAs under Certificates & CAs.

The Certificate and CA Configuration page displays.

8. Under Local Certificate Authority List, select the Brocade CA name.

9. Select Sign Request.

The Sign Certificate Request page displays.

10. Select Sign with Certificate Authority using the Brocade CA name and maximum of 3649 days.

11. Select Client as Certificate Purpose.

12. Allow Certificate Duration to default to 3649.

13. Paste the file contents that you copied in step 3 in the Certificate Request Copy area.

14. Select Sign Request.

15. Download the signed certificate to your local system as signed_kac_skm_cert.pem.

This file is ready to be imported to the encryption switch or blade.

Importing a signed KAC certificate into a switch

After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported

into the switch.

NOTE

This operation can be performed only after the switch is added to the encryption group.

1. Select Configure > Encryption from the menu task bar.

The Encryption Center dialog box displays.