Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)

ManualsBrandsHP ManualsSoftwareHP B-series SAN Network Advisor Software

641

642

643

644

645

646

647

648

649

650

DCFM Enterprise User Manual 613

53-1001357-01

Importing the signed KAC certificate

The signed KAC certificate must be imported into the switch or blade that generated the CSR.

If you are using the SAN Management program, do the following.

1. Select Configure > Encryption from the menu bar.

The Encryption Center dialog box displays the status of all encryption-related hardware and

functions at a glance. It is the single launching point for all encryption-related configuration.

2. Select the switch or encryption engine from the Encryption Devices table, and select Switch >

Properties or Engine > Properties from the menu bar, or right-click the switch or encryption

engine and select Properties.

The Encryption Properties dialog box is displayed.

3. Click Import

An Open dialog box is displayed.

4. From Look In, browse to the location where you stored the signed KAC certificate after you

received it from the CA.

5. To limit the number of files displayed to .pem files, select Certificate Files (*.pem) from Files of

Type.

6. Select the file and click Open.

You are returned to Encryption Properties.

7. Click Save.

If you are using the CLI, you can import the signed KAC certificate to the switch from a file on a

LAN-attached host, or you can write it to a USB storage device, attach the USB storage device to the

switch or blade, and import the certificate from that device. The following describes both options.

1. Log into the switch to which you wish to import the certificate as Admin or SecurityAdmin.

2. Enter the cryptocfg

--import command with the appropriate parameters.

The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was

previously exported to the external host 192.168.38.245. Certificates are imported to a

predetermined directory on the node.

SecurityAdmin:swicth>cryptocfg --import -scp enc_switch1_cp_cert.pem \

192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem

Password:

Operation succeeded.

The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was

previously exported to USB storage.

SecurityAdmin:switch>cryptocfg --import -usb enc_switch1_cp_cert.pem \

enc_switch1_cp_cert.pem

Operation succeeded.