Data Center Fabric Manager Professional Plus User Manual - Supporting DCFM 10.3.x (53-1001356-01, October 2009)

DCFM Professional Plus User Manual 577
53-1001356-01
Submitting the CSR to a certificate authority
A
DRAFT: BROCADE CONFIDENTIAL
The following example exports a CSR to USB storage.
SecurityAdmin:switch>cryptocfg --export -usb KACcsr kac_rkm_cert.pem
Operation succeeded.
If you export the CSR to a USB storage device, you will need to remove the storage device from
the switch, and then attach it to a computer that has access to a third party certificate
authority (CA). If you are using the SAN Management application, this can be your SAN
Management application workstation. The CSR must be submitted to a CA.
NOTE
The CSR is exported in Privacy Enhanced Mail (.pem) format. The is the format required in exchanges
with certificate authorities.
Submitting the CSR to a certificate authority
The CSR must be submitted to a certificate authority (CA) to be signed. The certificate authority is a
trusted third party entity that signs the CSR. There are several CAs available, and procedures vary,
but the general steps are as follows.
1. Open an SSL connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
4. Store the signed certificates, preferably in the same location as the CSR.
Importing the signed KAC certificate
The signed KAC certificate must be imported into the switch or blade that generated the CSR.
If you are using the SAN Management program, do the following.
1. Select Configure > Encryption from the menu bar.
The Encryption Center dialog box displays the status of all encryption-related hardware and
functions at a glance. It is the single launching point for all encryption-related configuration.
2. Select the switch or encryption engine from the Encryption Devices table, and select Switch >
Properties or Engine > Properties from the menu bar, or right-click the switch or encryption
engine and select Properties.
The Encryption Properties dialog box is displayed.
3. Click Import
An Open dialog box is displayed.
4. From Look In, browse to the location where you stored the signed KAC certificate after you
received it from the CA.
5. To limit the number of files displayed to .pem files, select Certificate Files (*.pem) from Files of
Type.
6. Select the file and click Open.
You are returned to Encryption Properties.