Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)

7. Ensure that both logical switches have an Advanced Zoning license activated, as described in
“Verifying or Activating Secure Fabric OS and Advanced Zoning Licenses” on page 9.
8. If the firmware was upgraded, perform the following steps:
a. Download and install the PKICert utility on the PC workstation, if not preinstalled, as
described in “Removing PKI Objects” on page 12.
b. Use the PKICert utility to create a file containing the CSRs of all the switches in the fabric,
as described in “Using the PKICert Utility to Obtain CSR” on page 13.
c. Obtain digital certificates from the switch supplier, as described in “Obtaining the Digital
Certificate File” on page 12.
d. Use the PKICert utility to load the certificates onto both logical switches, as described in
“Distributing Digital Certificates to the Switches” on page 18.
e. Verify that the digital certificates are installed on both logical switches, as described in
“Verifying the Digital Certificate” on page 10.
The pkiShow command referenced in this procedure must be executed from both logical
switches.
Installing a Supported CLI Client on a Workstation
Standard telnet sessions work only until secure mode is enabled. The following telnet clients are
supported after secure mode has been enabled:
sectelnet
sectelnet is a secure form of telnet that is available for switches running Fabric OS v3.2.0,
v4.4.0, v5.0.1, v5.1.0, v5.2.0, or v5.3.0. For instructions on installing the sectelnet client, see
the following procedures.
SSH
SSH is a secure form of telnet that is supported only for switches running Fabric OS v4.1.x or
later. You can use SSH clients that support version 2 of the protocol (for example, OpenSSH or
F-Secure). See the Fabric OS Administrator’s Guide for client installation instructions.
sectelnet is provided on the Brocade Partner Web site. It can be used as soon as a digital
certificate is installed on the switch.
CAUTION
Ensure that all intermediate hops are secure when accessing a switch by way of sectelnet or SSH;
otherwise, user passwords might be compromised.
To install the sectelnet client on a Solaris workstation
1. Obtain the Solaris version of the sectelnet file from the switch supplier and copy the file onto
the workstation.
2. Decompress the tar file and install it to a location that is “known” to the computer, such as in
the directory containing the standard telnet file. The location must be defined in the PATH
environment variable.
sectelnet is immediately available.
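Step 2 of this procedure as a script, added here as an example and not taken from the Brocade guide. It assumes an already-uncompressed tar archive that contains a file named sectelnet (the guide names neither the archive nor its contents), and it refuses to install unless the target directory is on PATH and every archive member unpacks inside the staging directory.

```shell
#!/bin/sh
# Added example, not from the Brocade guide. Archive layout is assumed:
# an uncompressed tar holding a file named "sectelnet".

# Succeeds if directory $1 is one of the entries in $PATH.
dir_on_path() {
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Succeeds if archive $1 has only relative member names with no ".."
# component, so extraction cannot write outside the staging directory.
archive_is_contained() {
    tar -tf "$1" | awk '
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit bad + 0 }'
}

# install_sectelnet ARCHIVE DESTDIR
# Unpacks ARCHIVE in a staging directory and copies the client to DESTDIR.
# Returns 2 if DESTDIR is not on PATH, 3 for unsafe member names,
# 4 if no sectelnet file is found, 1 for other failures.
install_sectelnet() {
    archive=$1 dest=$2
    case "$archive" in /*) ;; *) archive="$PWD/$archive" ;; esac
    dir_on_path "$dest"             || return 2
    archive_is_contained "$archive" || return 3
    stage=$(mktemp -d) || return 1
    (cd "$stage" && tar -xf "$archive") || { rm -rf "$stage"; return 1; }
    client=$(find "$stage" -type f -name sectelnet | head -n 1)
    if [ -z "$client" ]; then rm -rf "$stage"; return 4; fi
    cp "$client" "$dest/sectelnet" && chmod 755 "$dest/sectelnet"
    rc=$?
    rm -rf "$stage"
    return $rc
}
```

After a successful run, `command -v sectelnet` should print the path under the chosen directory, which confirms the shell resolves the client you just installed.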