Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Appendix C Provisioning Self-Sign Certificates
Generating and Installing Self-Signed Certificates
a Generate all certificates and configure switch
h Print this usage screen
switch:./createSmeCerts.tcl a
Dir to store certificates [] :.
Openssl path [/usr/bin] :
RootCA CN [RootCA] :SMECA
Trust Pass Phrase [nbv123] :nbv123
Certificate Validity days [365] :1024
Trust point name [sme_ca] :
Generating CA certificate ...
Generated CA certificate /users/filename1/SSL script/./cacert.pem
Create switch certificate and configure trustpoint ...
Switch IP [] :switchname
username [] :admin
password [] :
Created certificate and configured trustpoint for switch: ips-hac4
Do you want to configure another switch? (y/n) [n] :n
Generating KMC certificate ...
KMC Common Name [] :KMC
Generated KMC certificate: /users/filename1/SSL script/./sme_KMC_server.p12
switch:./createSmeCerts.tcl k
Dir where RootCA certificate is stored [] :.
Reading properties from /users/filename1/SSL script/./sme_cert.properties
Generating KMC certificate ...
KMC Common Name [] :FM
Generated KMC certificate: /users/filename1/SSL script/./sme_FM_server.p12
switch:ls
cacert.pem openssl_FM.conf sme_FM_server.cert sme_KMC_server.csr
cacert.srl openssl_KMC.conf sme_FM_server.csr sme_KMC_server.key
createSmeCerts.tcl* privkey.pem sme_FM_server.key sme_KMC_server.p12
createSmeCerts.tcl.orig* README* sme_FM_server.p12 sw_ips.csr
openssl.conf sme_cert.properties sme_KMC_server.cert sw_ips.pem
switch:
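Before the files are imported into keystores in Step 2, the output of the session above can be checked with OpenSSL. The script below is an added example, not part of createSmeCerts.tcl or the Cisco guide: it confirms that a certificate chains to cacert.pem, that the .key file belongs to it, and that it is not close to expiry. The function names, the demo_ca.key file and the unencrypted-PEM key format are assumptions; the other file names mirror the listing above.

```shell
#!/bin/sh
# Added example: not part of createSmeCerts.tcl or the Cisco guide.

# check_sme_cert CA CERT KEY [MIN_DAYS]
# 0 = good, 1 = CERT does not chain to CA, 2 = KEY is not CERT's private key,
# 3 = CERT expires within MIN_DAYS days (default 30).
check_sme_cert() {
    ca=$1 cert=$2 key=$3 min_days=${4:-30}
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL chain: $cert"; return 1; }
    # Compare the public key in the certificate with the one derived from the
    # private key. Assumption: the key file is unencrypted PEM; "-passin pass:"
    # only keeps openssl from prompting when it is not.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL key mismatch: $key"; return 2; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL expires within $min_days days: $cert"; return 3; }
    echo "OK $cert"
}

# make_demo_pki DIR: constructed sample data (a throwaway CA plus KMC and FM
# certificates, 1024 days each) so the check can be run without a switch.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=SMECA" -days 1024 \
        -keyout "$d/demo_ca.key" -out "$d/cacert.pem" 2>/dev/null || return 1
    for name in KMC FM; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$d/sme_${name}_server.key" \
            -out "$d/sme_${name}_server.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/sme_${name}_server.csr" -days 1024 \
            -CA "$d/cacert.pem" -CAkey "$d/demo_ca.key" -CAcreateserial \
            -out "$d/sme_${name}_server.cert" 2>/dev/null || return 1
    done
}

# Demo on the constructed data; on a real host, point check_sme_cert at the
# directory given to createSmeCerts.tcl instead.
demo=$(mktemp -d) && make_demo_pki "$demo" && for n in KMC FM; do
    check_sme_cert "$demo/cacert.pem" "$demo/sme_${n}_server.cert" \
        "$demo/sme_${n}_server.key"
done
```

A nonzero return identifies which property failed, so the check can gate the keytool import in Step 2.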
Step 2 Use the Java keytool (JRE 1.6) to generate the Java keystores.
"C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importkeystore -srckeystore sme_KMC_server.p12 -srcstoretype PKCS12 -destkeystore sme_kmc_server.jks -deststoretype JKS
"C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importkeystore -srckeystore sme_FM_server.p12 -srcstoretype PKCS12 -destkeystore sme_fm_server.jks -deststoretype JKS
"C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importcert -file cacert.pem -keystore sme_kmc_trust.jks -storetype JKS
"C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importcert -file cacert.pem -keystore fmtrust.jks -storetype JKS
Step 3 Run the following commands for the Fabric Manager server:
Copy sme_fm_server.jks to <FMINSTALL>/jboss/server/default/conf/fmserver.jks
Copy fmtrust.jks to <FMINSTALL>/jboss/server/default/conf/fmtrust.jks
Go to <FMINSTALL>/bin