Reference Guide

Importing CA for FCAP
Once you receive the files back from the Certificate Authority, you will need to install or import them onto the local and remote switches.
1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the PKI RBAC class of commands.
2. Enter the secCertUtil import -fcapcacert command and verify the CA certificates are consistent on both local and remote switches.
switch:admin> seccertutil import -fcapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 10.1.2.3
Enter remote directory: /myHome/jdoe/OPENSSL
Enter certificate name (must have a ".pem" suffix):CACert.pem
Enter Login Name: jdoe
jdoe@10.1.2.3's password: <hidden text>
Success: imported certificate [CACert.pem].
NOTE
Firmware downgrade from Fabric OS 7.3.0 to an earlier version is blocked if SHA-256 is one of the configured hash types for DH-CHAP or FCAP in at least one of the logical switches.

Importing the FCAP switch certificate
ATTENTION
The CA certificates must be installed prior to installing the switch certificate.
1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the PKI RBAC class of commands.
2. Enter the secCertUtil import -fcapswcert command.
switch:admin> seccertutil import -fcapswcert
Select protocol [ftp or scp]: scp
Enter IP address: 10.1.2.3
Enter remote directory: /myHome/jdoe/OPENSSL
Enter certificate name (must have ".crt" or ".cer" ".pem" or ".psk" suffix):01.pem
Enter Login Name: jdoe
jdoe@10.1.2.3's password: <hidden text>
Success: imported certificate [01.pem].
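
A pre-import check for the two import procedures above, run on the host that serves the files over scp rather than on the switch (an added example, not part of the original guide). It assumes the OpenSSL CLI is installed there; the function names, the return codes and the constructed throwaway certificates are illustrative.

```shell
#!/bin/sh
# Added example: run on the scp/ftp staging host, not on the switch.
# Assumption: the OpenSSL CLI is installed on that host.

# SHA-256 fingerprint of a certificate, for confirming that the CA file
# staged for the local switch is the same one staged for the remote switch.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_fcap_pair CA_PEM SWITCH_PEM
#   0 = both are PEM certificates and the switch certificate verifies against the CA
#   2 = a file is missing or is not a PEM certificate (for example DER)
#   3 = verification failed (wrong issuer, expired, not yet valid)
check_fcap_pair() {
    for f in "$1" "$2"; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null &&
            openssl x509 -in "$f" -noout 2>/dev/null ||
            { echo "not a PEM certificate: $f" >&2; return 2; }
    done
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "$2 does not verify against $1" >&2; return 3; }
}

# Constructed sample files (throwaway keys, 1-day validity) written to directory $1.
make_constructed_samples() {
    d=$1
    for ca in CACert OtherCA; do
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
            -subj "/CN=constructed $ca" -keyout "$d/$ca.key" -out "$d/$ca.pem" \
            2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-switch" \
        -keyout "$d/sw.key" -out "$d/sw.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/sw.csr" -CA "$d/CACert.pem" -CAkey "$d/CACert.key" \
        -set_serial 1 -sha256 -days 1 -out "$d/01.pem" 2>/dev/null || return 1
    openssl x509 -in "$d/01.pem" -outform DER -out "$d/01.der"   # wrong-format sample
}

tmp=$(mktemp -d) && make_constructed_samples "$tmp"
check_fcap_pair "$tmp/CACert.pem" "$tmp/01.pem" &&
    echo "ok to import, CA SHA-256: $(cert_fingerprint "$tmp/CACert.pem")"
check_fcap_pair "$tmp/OtherCA.pem" "$tmp/01.pem" || echo "blocked, rc=$?"
rm -rf "$tmp"
```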

Starting FCAP authentication
1. Log in to the switch using an account with admin permissions, or an account with OM permissions for the Authentication RBAC class of commands.
2. Enter the authUtil --authinit command to start the authentication using the newly imported certificates. (This command is not supported in Access Gateway mode.)
3. Enter the authUtil --policy -sw command with either the active or on option.
authutil --policy -sw active
This makes the changes permanent and forces the switch to request authentication. (For Access Gateway mode, the defaults for sw policy and dev policy are off, and there is no passive option for sw policy.)
NOTE
This authentication-policy change does not affect online EX_Ports.
Configuring Security Policies
Brocade Fabric OS Administration Guide, 8.0.1
53-1004111-02 235