Reference Guide

You can request a certificate from a CA through a web browser. After you request a certificate, the CA either sends certificate
files by e-mail (public) or gives access to them on a remote host (private).
5. On each switch, install the certificate. Once the certificate is loaded on the switch, HTTPS starts automatically.
6. If necessary, install the root certificate to the browser on the management workstation.
7. Add the root certificate to the Java plug-in keystore on the management workstation.
Certificate authorities
To ease maintenance and allow secure out-of-band communication between switches, consider using one certificate authority (CA) to
sign all management certificates for a fabric. If you use different CAs, management services operate correctly, but the Web Tools Fabric
Events button is unable to retrieve events for the entire fabric.
Each CA (for example, Verisign or GeoTrust) has slightly different requirements. For example, some generate certificates based on IP
address, while others require an FQDN; most require a 1024-bit public/private key pair, while some may accept a 2048-bit key.
Consider your fabric configuration, check CA websites for requirements, and gather all the information that the CA requires.
Generating a public/private key pair
Use the following procedure to generate a public/private key pair.
NOTE
You must perform this procedure on each switch.
1. Connect to the switch and log in using an account with admin permissions.
2. Enter the secCertUtil genkey command to generate a public/private key pair.
The system reports that this process will disable secure protocols, delete any existing CSR, and delete any existing certificates.
3. Respond to the prompts to continue and select the key size.
The following example generates a key pair.
Continue (yes, y, no, n): [no] y
Select key size [1024 or 2048]: 1024
Generating new rsa public/private key pair
Done.
Generating and storing a Certificate Signing Request
After generating a public/private key pair, you must generate and store a certificate signing request (CSR).
1. Connect to the switch and log in using an account with admin permissions.
2. Enter secCertUtil gencsr.
3. Enter the requested information.
The following example generates a CSR.
Country Name (2 letter code, eg, US):US
State or Province Name (full name, eg, California):California
Locality Name (eg, city name):San Jose
Organization Name (eg, company name):Brocade
Organizational Unit Name (eg, department name):Eng
Common Name (Fully qualified Domain Name, or IP address): 192.1.2.3
Generating CSR, file name is: 192.1.2.3.csr
Done.
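Before a CSR is sent to the CA, it can be checked on the management workstation. The following is an added example, not part of the original guide or of Fabric OS: it uses the standard openssl command-line tool and assumes the CSR file has already been copied off the switch. The function names and the MIN_BITS threshold (the larger of the two key sizes the switch offers) are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-submission check of a switch-generated CSR on the
# management workstation. MIN_BITS is this example's policy choice.
MIN_BITS=2048

# Print the public key size (in bits) recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the CSR is acceptable, 1 if it cannot be parsed or its
# self-signature fails, 2 if the key is shorter than the minimum.
check_csr() {
    csr=$1
    min=${2:-$MIN_BITS}

    # openssl reports "verify OK" on stderr when the request's
    # self-signature matches the embedded public key.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL $csr: unreadable or self-signature invalid" >&2
        return 1
    fi

    bits=$(csr_key_bits "$csr")
    if [ -z "$bits" ] || [ "$bits" -lt "$min" ]; then
        echo "FAIL $csr: ${bits:-unknown}-bit key, minimum is $min" >&2
        return 2
    fi

    # Show the subject so the Common Name can be compared with the
    # switch's FQDN or IP address before the request goes to the CA.
    echo "OK $csr: $bits-bit key"
    openssl req -in "$csr" -noout -subject
}

# Usage: check_csr 192.1.2.3.csr
```

A CSR generated with the 1024 key size shown earlier fails this check with status 2; regenerating the key pair with 2048 and creating a new CSR clears it.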
Configuring Protocols
Brocade Fabric OS Administration Guide, 8.0.1
53-1004111-02