Deployment Guide

ManualsBrandsDell ManualsserversDell Brocade 5100

171

172

173

174

175

176

177

178

179

180

1. Connect to the switch and log in using an account with admin permissions.

2. Use the sshUtil delpubkeys command to delete public keys.

You will be prompted to enter the name of the user whose the public keys you want to delete. Enter

all to delete public keys for all users.

For more information on IP filter policies, refer to Configuring Security Policies on page 209.

Deleting private keys on the switch

Use the following procedure to delete private keys from the switch.

1. Log in to the switch as the allowed-user.

2. Use the sshUtil delprivkey command to delete the private key.

For more information on IP filter policies, refer to Configuring Security Policies on page 209.

Secure Sockets Layer protocol

Secure Sockets Layer (SSL) protocol provides secure access to a fabric through web-based

management tools such as Web Tools. SSL support is a standard Fabric OS feature.

Switches configured for SSL grant access to management tools through Hypertext Transfer Protocol

over SSL links (which begin with https:// ) instead of standard links (which begin with http:// ).

SSL uses public key infrastructure (PKI) encryption to protect data transferred over SSL connections.

PKI is based on digital certificates obtained from an Internet Certificate Authority (CA) that acts as the

trusted key agent.

Certificates are based on the switch IP address or fully qualified domain name (FQDN), depending on

the issuing CA. If you change a switch IP address or FQDN after activating an associated certificate,

you may have to obtain and install a new certificate. Check with the CA to verify this possibility, and

plan these types of changes accordingly.

Browser and Java support

Fabric OS supports the following web browsers for SSL connections:

• Internet Explorer v7.0 or later (Microsoft Windows)

• Mozilla Firefox v2.0 or later (Solaris and Red Hat Linux)

NOTE

Review the release notes for the latest information and to verify if your platform and browser are

supported.

In countries that allow the use of 128-bit encryption, you should use the latest version of your browser.

For example, Internet Explorer 7.0 and later supports 128-bit encryption by default. You can display

the encryption support (called "cipher strength") using the Internet Explorer Help > About menu

option. If you are running an earlier version of Internet Explorer, you may be able to download an

encryption patch from the Microsoft website at http://www.microsoft.com .

You should upgrade to the Java 1.6.0 plug-in on your management workstation. To find the Java

version that is currently running, open the Java console and look at the first line of the window. For

more details on levels of browser and Java support, refer to the Web Tools Administrator's Guide.

Deleting private keys on the switch

178 Fabric OS Administrators Guide

53-1003130-01