Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Appendix D RSA Key Manager and Cisco SME
An optional company name []:
Step 10 Set the duration the certificate will be valid. Keep track of this date.
OpenSSL> x509 -req -days 365 -in server.csr -CA rt.cert -CAkey rt.key -CAcreateserial -out server.cert
Loading 'screen' into random state - done
Signature ok
subject=/C=AU/ST=wi/L=town/O=cisco/OU=tac/CN=bill/emailAddress=bill@cisco.com
Getting CA Private Key
Step 11 Create the pkcs12 certificate for serverpub.
OpenSSL> pkcs12 -export -in server.cert -inkey server.key -nokeys -out serverpub.p12
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
Step 12 Create the pkcs12 certificate again for the server.
OpenSSL> pkcs12 -export -in server.cert -inkey server.key -out server.p12
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
OpenSSL>
Creating JKS Files Using the Java Keytool
To create the JKS files needed by the Fabric Manager server using the Java Keytool, do the following:
Step 1 Copy client.p12 and serverpub.p12, which are found in the OpenSSL /bin directory, to the Fabric Manager Server Java tool directory C:\Program Files\Java\jre1.5.0_11\bin.
Step 2 From a DOS window in the Java /bin directory, create the JKS files needed by the Cisco SME KMC.
Import client PKCS12 keystore to JKS
keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore sme_rkm_client.jks -deststoretype JKS
Import server PKCS12 keystore to JKS
keytool -importkeystore -srckeystore serverpub.p12 -srcstoretype PKCS12 -destkeystore sme_rkm_trust.jks -deststoretype JKS
Place these keystore files in the mds9000/conf/cert directory and restart the Fabric Manager server.
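A check that can be run after Step 2 and before the restart, as an added example that is not part of the Cisco guide: it lists both keystores with keytool -list -v and confirms that the trust store, built from the -nokeys export, holds certificates only and that the client store holds a key entry. It assumes PowerShell is available on the Fabric Manager server, English keytool output, and that client.p12 was exported with its private key.

```powershell
# Added example (not from the Cisco guide). Run from the Java \bin directory
# used in Step 1, after Step 2. keytool prompts for each keystore password.
# Assumptions: English keytool output; client.p12 contained a private key.

function Get-KeystoreEntry {
    param([string]$Path)
    # -list -v prints "Alias name:", "Entry type:" and "Valid from: ... until: ..."
    $lines = & .\keytool.exe -list -v -keystore $Path -storetype JKS
    if ($LASTEXITCODE -ne 0) { throw "keytool could not read $Path" }
    $alias = $null; $type = $null
    foreach ($line in $lines) {
        if ($line -match '^Alias name:\s*(.+)$') { $alias = $Matches[1] }
        elseif ($line -match '^Entry type:\s*(\S+)') { $type = $Matches[1] }
        elseif ($alias -and $line -match '^Valid from:.*\buntil:\s*(.+)$') {
            # The first certificate listed for an entry is the entry's own certificate
            [pscustomobject]@{ Store = $Path; Alias = $alias; Type = $type; ValidUntil = $Matches[1] }
            $alias = $null   # skip any further certificates in the same chain
        }
    }
}

$client = @(Get-KeystoreEntry 'sme_rkm_client.jks')
$trust  = @(Get-KeystoreEntry 'sme_rkm_trust.jks')
@($client + $trust) | Format-Table -AutoSize

$problems = @()
if ($trust.Count -eq 0) {
    $problems += 'sme_rkm_trust.jks is empty: the server certificate was not imported'
}
if ($trust | Where-Object { $_.Type -ne 'trustedCertEntry' }) {
    $problems += 'sme_rkm_trust.jks holds a key entry: it should contain certificates only'
}
if (-not ($client | Where-Object { $_.Type -ne 'trustedCertEntry' })) {
    $problems += 'sme_rkm_client.jks has no private key entry'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'Keystores look consistent. Record the ValidUntil dates shown above.'
```

The ValidUntil column gives the expiry dates that Step 10 asks you to keep track of.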