DCFM Enterprise User Manual (53-1001775-01, June 2010)

Exporting the KAC certificate signing request (CSR)
You need to export the KAC CSR to a temporary location prior to submitting the KAC CSR to a
Certificate Authority (CA) for signing.
1. Synchronize the time on the switch and the key manager appliance. They should be within one
minute of each other. Differences in time can invalidate certificates and cause key vault
operations to fail.
2. From the Encryption Center, right-click on the switch and select Properties.
3. If a CSR is present, click Export. If a CSR is not present, right-click on the switch and select
Initnode. This generates switch security parameters and certificates, including the KAC CSR.
A dialog box displays.
4.
5. Select Yes to store the file. The default location for the exported file is My Documents.
NOTE
The CSR is exported in Privacy Enhanced Mail (.pem) format. This is the format required in exchanges
with certificate authorities.
Submitting the CSR to a certificate authority
The CSR must be submitted to a certificate authority (CA) to be signed. The certificate authority is a
trusted third party entity that signs the CSR. There are several CAs available, and procedures vary,
but the general steps are as follows.
1. Open an SSL connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA. The command as printed on this page
is truncated after -CA and omits the -out option that names the signed certificate; the CA
certificate and CA key file names shown here (cacert.pem and private/cakey.pem) follow the standard
OpenSSL demoCA layout and are an assumption, not taken from the page. SHA-1 is what the manual
specifies, but it is deprecated for certificate signatures; use -sha256 if the key manager accepts it.
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/KACcsr -out kac_RKM_cert.pem \
    -days 365 -CA cacert.pem -CAkey private/cakey.pem
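The following script is an added example, not part of the DCFM manual or of any Brocade or RSA
tooling. It walks the CA signing step above end to end against a throwaway CA and then runs the
checks an operator should make before importing the result into the switch: the certificate
chains to the CA, its public key matches the CSR, and it is not about to expire. It also shows the
failure mode behind step 1 of the export procedure (clock skew) by verifying the certificate from
the point of view of a clock one day behind the signing host. Assumptions: the CA lives in a
temporary directory laid out like OpenSSL's demoCA (cacert.pem, private/cakey.pem), the KAC CSR is
a stand-in generated locally with openssl rather than one exported from a switch by Initnode, and
openssl 1.1 or later is on the PATH. The subject names and paths are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the DCFM manual): sign a KAC-style CSR with a
# throwaway demo CA and run pre-import checks on the signed certificate.
set -eu

# sign_kac_csr WORKDIR
# Builds WORKDIR/demoCA (OpenSSL demoCA layout, an assumption), creates a
# stand-in CSR in place of the switch-exported KACcsr, signs it the way the
# manual's openssl x509 -req example does, checks the result, and prints the
# path of the signed certificate.
sign_kac_csr() {
    work="$1"
    ca="$work/demoCA"
    mkdir -p "$ca/certs" "$ca/private"

    # Throwaway signing CA (constructed here; stands in for the manual's demoCA).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Demo KAC Signing CA" \
        -keyout "$ca/private/cakey.pem" -out "$ca/cacert.pem" 2>/dev/null

    # Stand-in for the KAC CSR that Initnode generates and Export writes out.
    # The subject name is constructed for the example.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=kac-switch-demo" \
        -keyout "$ca/private/kac_key.pem" -out "$ca/certs/KACcsr" 2>/dev/null

    # The manual's signing command with -out and -CAkey supplied and SHA-256 in
    # place of the deprecated SHA-1.
    openssl x509 -req -sha256 -CAcreateserial -days 365 \
        -in "$ca/certs/KACcsr" -CA "$ca/cacert.pem" -CAkey "$ca/private/cakey.pem" \
        -out "$ca/kac_RKM_cert.pem" 2>/dev/null

    # Pre-import checks. openssl verify rejects a certificate whose notBefore
    # is in the future, which is exactly what an unsynchronized switch clock
    # would see (the manual's step 1 warning).
    openssl verify -CAfile "$ca/cacert.pem" "$ca/kac_RKM_cert.pem" >/dev/null

    # The CA must have signed the key from the CSR, not some other key.
    csr_key=$(openssl req -in "$ca/certs/KACcsr" -noout -pubkey | openssl dgst -sha256)
    crt_key=$(openssl x509 -in "$ca/kac_RKM_cert.pem" -noout -pubkey | openssl dgst -sha256)
    [ "$csr_key" = "$crt_key" ]

    # Refuse a certificate that expires within a day; a fresh 365-day cert passes.
    openssl x509 -in "$ca/kac_RKM_cert.pem" -noout -checkend 86400 >/dev/null

    echo "$ca/kac_RKM_cert.pem"
}

# skew_rejects_cert CADIR
# Returns 0 when verification fails from a clock one day behind the signing
# host, demonstrating why the switch and key manager clocks must agree.
skew_rejects_cert() {
    ca="$1"
    ! openssl verify -attime "$(( $(date +%s) - 86400 ))" \
        -CAfile "$ca/cacert.pem" "$ca/kac_RKM_cert.pem" >/dev/null 2>&1
}
```

Run it as `sh script.sh` after adding a call such as `sign_kac_csr "$(mktemp -d)"`; the printed path
is the file to hand to Switch > Import Certificate. The skew check uses openssl's -attime option
rather than changing the system clock, so it is safe to run on a host that is itself in production.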
Importing the signed KAC certificate
After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported
into the switch.
1. From the Encryption Center, select Switch > Import Certificate.
The Import Signed Certificate dialog box displays.
2. Browse to the location where the signed certificate is stored.
3. Click OK.
The signed certificate is stored on the switch.