Data Center Fabric Manager Enterprise User Manual v10.3.X (53-1001357-01, November 2009)

7. Click Save.
If you are using the CLI, you can import the signed KAC certificate to the switch from a file on a
LAN-attached host, or you can write it to a USB storage device, attach the USB storage device to the
switch or blade, and import the certificate from that device. The following describes both options.
1. Log in as Admin or SecurityAdmin to the switch to which you want to import the certificate.
2. Enter the cryptocfg --import command with the appropriate parameters.
The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was
previously exported to the external host 192.168.38.245. Certificates are imported to a
predetermined directory on the node.
SecurityAdmin:switch>cryptocfg --import -scp enc_switch1_cp_cert.pem \
192.168.38.245 mylogin /tmp/certs/enc_switch1_cp_cert.pem
Password:
Operation succeeded.
The following example imports a CP certificate named “enc_switch1_cp_cert.pem” that was
previously exported to USB storage.
SecurityAdmin:switch>cryptocfg --import -usb enc_switch1_cp_cert.pem \
enc_switch1_cp_cert.pem
Operation succeeded.
3. Register the KAC certificate.
SecurityAdmin:switch>cryptocfg --reg -KACcert <certificate file>
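Before the import in step 2, the signed certificate can be checked on the LAN-attached host. The following is an added example, not part of the manual or the product: it confirms that the file is a PEM X.509 certificate, that it chains to the CA certificate, and that it is not close to expiry, then prints its SHA-256 fingerprint. It assumes the openssl CLI is installed; the function names, the ca.pem file name, and the throwaway certificates it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): validate a signed KAC certificate on the
# LAN-attached host before importing it or uploading it to the key vault.
# Assumes the openssl CLI is installed; function and CA file names are hypothetical.

# check_kac_cert CERT CA_CERT [MIN_DAYS]
# Returns 0 and prints the SHA-256 fingerprint only if CERT is PEM X.509,
# chains to CA_CERT, and stays valid for at least MIN_DAYS (default 30).
check_kac_cert() {
    cert=$1; ca=$2; min_days=${3:-30}
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: $cert is not a PEM X.509 certificate" >&2; return 2; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not chain to $ca" >&2; return 3; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: $cert expires within $min_days days" >&2; return 4; }
    # Record the fingerprint so the copy at the destination can be compared with it.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# make_sample_pki DIR: constructed throwaway CA and leaf certificate, demo only.
make_sample_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=enc_switch1" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -out "$dir/enc_switch1_cp_cert.pem" 2>/dev/null
}

# Demo on constructed input: prints the fingerprint of the sample certificate.
demo=$(mktemp -d) && make_sample_pki "$demo" &&
    check_kac_cert "$demo/enc_switch1_cp_cert.pem" "$demo/ca.pem"
```

A non-zero return code identifies which check failed: 2 for an unparseable file, 3 for a chain failure, 4 for a certificate inside the expiry window.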
Uploading the KAC and CA certificates onto the RKM appliance
After an encryption group is created, you need to install the switch public key certificate (KAC
certificate) and signing authority certificate (CA certificate) on the RKM appliance.
1. Start a web browser, and connect to the RKM appliance setup page. You will need the URL, the
proper authority level, a user name, and a password.
2. Select the Operations tab.
3. Select Certificate Upload.
4. In the SSLCAcertificateFile field, enter the full local path of the CA certificate. Do not use the
UNC naming convention format.
5. Select Upload, Configure SSL, and Restart Webserver.
6. After the web server restarts, enter the root password.
7. Open another web browser window, and start the RSA management user interface.
You will need the URL, the proper authority level, a user name, and a password.
NOTE
The Identity Group name used in the next step may not exist in a freshly installed RKM. To
establish an Identity Group name, click the Identity Group tab, and create a name. The name
Hardware Retail Group is used as an example in the following steps.