Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

Certificate : Empty
Root Certificate: Exist
The command displays the status of the PKI objects.
5. Repeat for any other switches, as required.
REMOVING PKI OBJECTS
You cannot delete PKI objects in secure mode. If they are deleted when secure mode is disabled,
secure mode cannot be re-enabled until they are generated. If any PKI objects are missing, all the
PKI objects should be deleted using the pkiRemove command and then regenerated using the
pkiCreate command or by rebooting the switch (any missing PKI objects, except the digital
certificate, are automatically regenerated when the switch is rebooted). If the digital certificate is
deleted, it must be reinstalled on the switch according to the instructions provided in “Distributing
Digital Certificates to the Switches” on page 18.
For Fabric OS v3.2.0, use configRemove to remove all the PKI objects, type configUpload, and then
fastboot the switch. After the switch reboots, all PKI objects are available except for the certificate.
To remove PKI objects in unsecured mode
switch:admin> pkiremove
WARNING!!!
Removing Pki objects will impair the security functionality
of this fibre channel switch. If you want secure mode enabled,
you will need to get the switch certificate again.
About to remove Pki objects.
ARE YOU SURE (yes, y, no, n): [no] y
All PKI objects removed.
If run in secure mode, the following error message is displayed:
switch:admin> pkiremove
This Switch is in secure mode.
Removing Pki objects is not allowed. Exiting...
OBTAINING THE DIGITAL CERTIFICATE FILE
The switch supplier provides the digital certificates in an XML file that is generated in response to
the CSRs. Generally, the digital certificate file is provided by email.
To obtain the digital certificate file, contact the switch supplier and provide the following
information:
The CSR file from the procedure in “Using the PKICert Utility to Obtain CSR” on page 13
Email address
Technical contact
Phone
Country
The switch supplier provides a confirmation number and the digital certificate file, which contains a
certificate for each CSR submitted.