HP StorageWorks Fabric OS 5.0.0 Command Reference Guide (AA-RW1MA-TE, May 2005)

ManualsBrandsHP ManualsStorageBrocade BladeSystem 4/24 SAN Switch

521

522

523

524

525

526

527

528

529

530

Fabric OS 5.0.0 command reference guide 529

Operands

The operands are as follows:

import [-config cacert] | [-config swcert [-enable https]]

Import a certificate on to the switch. Use this for the following:

• Download a certificate issued by a CA after sending the CSR to the CA.

• Download an Issuing CA certificate.

• Set imported certificate with -config option. Specifying cacert sets the CA certificate file name in

configuration and specifying swcert sets switch certificate file name in configuration.

• Enable secure protocols with -enable option. This option can be used only with -config swcert.

Examples

To generate a public/private key pair:

genkey Generates a public/private key pair.This is the first step for setting up

third-party certificates. The key length can be either 1,024 or 2,048 bits long.

The greater the length of the key, the more secure is the connection; however,

the performance goes down. The keys are generated only after deleting

existing CSR and all other certificates.

gencsr Generates a new CSR for the switch. This is second step for setting up

third-party certificates in the switch. To generate a CSR, the admin must

answer a series of questions prompted by this option. Once all questions are

answered, a CSR is generated and placed in a file named

ip_address.csr. The ip_address is the IP address of the switch.

delcsr Deletes the CSR in the switch.

showcsr Displays the contents of the CSR in the switch.

show Displays a list of all certificates in the switch.

show

certificate

name

Displays the contents of the specified certificate.

delete

certificate

name

Deletes the specified certificate.

export Exports a CSR to a host. This is typically used to submit the CSR to a CA who

in turn issues a certificate.

switch:admin> seccertutil genkey

Generating a new key pair will automatically do the following:

1. Delete all existing CSRs.

2. Delete all existing certificates.

3. Reset the certificate filename to none.

4. Disable secure protocols.

Continue (yes, y, no, n): [no] y

Select key size [1024 or 2048]:

Generating new rsa public/private key pair

Done.