Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

The command displays the status of the PKI objects.
NOTE
“Root Certificate” is an internal PKI object. “Certificate” is the digital certificate.
Displaying PKI objects on Fabric OS v4.x or later:
switch:admin> pkishow
Passphrase : Exist
Private Key : Exist
CSR : Exist
Certificate : Exist
Root Certificate: Exist
Displaying PKI objects on Fabric OS v3.2.0:
switch:admin> configshow "pki"
Passphrase : Exist
Private Key : Exist
CSR : Exist
Certificate : Exist
Root Certificate: Exist
3. Verify that Certificate and objects display Exist.
4. Repeat for the remaining switches in the fabric.
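As an added example (not part of the Brocade guide), the check in steps 3 and 4 can be run over saved CLI output from every switch with a short Python script. The switch names and sample captures are constructed, and the status word `Empty` is an assumption; any value other than `Exist` is treated as missing.

```python
import re

# The five PKI objects reported by pkishow and configshow "pki".
PKI_OBJECTS = ("Passphrase", "Private Key", "CSR", "Certificate", "Root Certificate")
_STATUS_LINE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(\S+)\s*$")

def parse_pki_status(output):
    """Return {object: status} from saved pkishow-style output; prompt lines are skipped."""
    status = {}
    for line in output.splitlines():
        m = _STATUS_LINE.match(line)
        if m and m.group(1) in PKI_OBJECTS:
            status[m.group(1)] = m.group(2)
    return status

def missing_objects(output):
    """Objects not reported as Exist; an absent line counts as missing."""
    status = parse_pki_status(output)
    return [name for name in PKI_OBJECTS if status.get(name) != "Exist"]

def classify(missing):
    """Only the digital certificate absent is the state right after pkicreate."""
    if not missing:
        return "ok"
    if missing == ["Certificate"]:
        return "certificate-not-installed"
    return "pki-objects-missing"

def audit_fabric(captures):
    """Map each switch name to (verdict, missing objects)."""
    return {sw: (classify(m), m)
            for sw, m in ((sw, missing_objects(out)) for sw, out in captures.items())}

# Constructed sample captures; switch names are hypothetical.
CAPTURES = {
    "sw1": "switch:admin> pkishow\nPassphrase : Exist\nPrivate Key : Exist\n"
           "CSR : Exist\nCertificate : Exist\nRoot Certificate: Exist\n",
    "sw2": "switch:admin> pkishow\nPassphrase : Exist\nPrivate Key : Exist\n"
           "CSR : Exist\nCertificate : Empty\nRoot Certificate: Exist\n",
    "sw3": "switch:admin> configshow \"pki\"\nPassphrase : Exist\n"
           "CSR : Exist\nCertificate : Exist\nRoot Certificate: Exist\n",
}

if __name__ == "__main__":
    for switch, (verdict, missing) in audit_fabric(CAPTURES).items():
        print(f"{switch}: {verdict} {missing}")
```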
CREATING PKI OBJECTS
The PKI objects (except for the digital certificate) are automatically generated the first time Fabric
OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, v5.2.0, or v5.3.0 is booted. If any PKI object appears to be
missing while the switch is in secure mode, the switch segments from the fabric and disables security.
NOTE
Secure mode must be disabled to perform this procedure.
To use the CLI to re-create the PKI objects on Fabric OS v4.4.0, v5.0.1, v5.1.0, v5.2.0, or v5.3.0:
1. Log in to the switch as admin.
2. Type the pkiRemove command. If the switch is a two-domain Brocade 24000, enter this
command on both logical switches.
3. Type the pkiCreate command to create new PKI objects. New PKI objects are created without
digital certificates. If the switch is a two-domain Brocade 24000, enter this command on both
logical switches. The pkiCreate command does not work if secure mode is already enabled.
switch:admin> pkicreate
Installing Private Key and Csr...
Switch key pair and CSR generated...
Installing Root Certificate...
4. Type the pkiShow command. If the switch is a two-domain Brocade 24000, enter this
command on both logical switches.
switch:admin> pkishow
Passphrase : Exist
Private Key : Exist
CSR : Exist