Brocade Fabric Manager Administrator's Guide v6.1.0 (53-10000610-02, June 2008)

Secure communication over HTTPS
By default, Fabric Manager connects to all switches using HTTP. You can change the security
configuration to enable switch connection using HTTP over SSL (HTTPS). The connection setting
applies to the entire Fabric Manager server and not to selected switches.
When setting HTTPS communication for the Fabric Manager client, all switches must support
HTTPS.
You change the security configuration using the Server Management Console. See “Secure
communication settings (HTTP or HTTPS)” on page 332 for instructions.
NOTE
If you downgrade from v5.3.0 to v5.2.0b, the HTTPS daemon does not start automatically; Fabric
Manager with SSL enabled will then lose the connection to the switch.
Truststore management
Fabric Manager provides a default trusted certificates repository (truststore) with well-known root
Certification Authority (CA) certificates. This truststore is in the following location:
Solaris and Linux: <installdir>/server/server/fmserver/conf/cacerts.jks
Windows: <installdir>\server\server\fmserver\conf\cacerts.jks
The default truststore password is “password”.
Fabric Manager provides the following set of command line utilities to manage the truststore:
importcert    Imports a certificate from a file and adds it to the list of trusted certificates
              (truststore).
exportcert    Exports a certificate from the truststore to another file.
listcert      Prints the contents of a truststore entry or the entire truststore file.
printcert     Prints the contents of a certificate stored in a file other than the truststore.
deletecert    Deletes a truststore entry.
storepasswd   Changes the default truststore password. The new password must be at least six
              characters long.
You can use these utilities to import, export, delete, and print trusted certificates. You can also
change the default truststore password.
ATTENTION
Use care when typing the password, as it is echoed (displayed exactly as typed). This is a limitation
of the Java keytool.
Fabric Manager supports certificate validation and extended hostname verification (if they are
enabled). By default, both certificate validation and hostname verification are enabled.
If certificate validation is enabled, switch connection is not established unless the certificate is
issued by a trusted CA. If the switch certificate is not issued by a well-known CA (or one of the
trusted CAs in the trusted certificate repository), the root certificate must be added to the trusted
certificate repository.
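Because every CA in the truststore can vouch for a switch certificate, the store's password and contents are worth auditing. The script below is an added example, not part of the guide: it calls the JDK keytool directly (not the Fabric Manager utilities) to check whether the store still opens with the default password and to report trusted entries missing from an approved baseline. The function names, the TS_PASS and TS_PASS_IN variables, and the baseline file format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the guide: audit a Fabric Manager truststore with keytool.
# Assumptions: JDK keytool on PATH with English output; the baseline file format
# (one "alias<TAB>fingerprint" line per approved CA) is defined by this example.

DEFAULT_PASS='password'   # default truststore password documented in the guide

# ks_list STORE PASS: raw "keytool -list" output. The password goes through the
# environment (-storepass:env) so it is neither echoed nor visible in argv.
ks_list() (
    TS_PASS=$2; export TS_PASS
    keytool -list -keystore "$1" -storepass:env TS_PASS 2>/dev/null
)

# list_trusted STORE PASS: sorted "alias<TAB>fingerprint" per trusted entry.
list_trusted() (
    ks_list "$1" "$2" | awk -F', ' '
        /trustedCertEntry/ { alias = $1; next }
        /^Certificate fingerprint/ && alias != "" {
            sub(/^[^:]*: */, ""); print alias "\t" $0; alias = ""
        }' | sort
)

# audit STORE PASS BASELINE: prints findings; exit status is the finding count
# (0 = clean), or 100 if the store cannot be opened with PASS.
audit() (
    store=$1; pass=$2; baseline=$3; findings=0
    if ks_list "$store" "$DEFAULT_PASS" >/dev/null; then
        echo "FINDING: truststore opens with the default password"
        findings=$((findings + 1))
    fi
    if ! ks_list "$store" "$pass" >/dev/null; then
        echo "ERROR: cannot open $store with the supplied password"; exit 100
    fi
    # Entries present in the store but absent from the approved baseline.
    extra=$(list_trusted "$store" "$pass" | grep -Fxv -f "$baseline" || true)
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/FINDING: CA not in baseline: /'
        findings=$((findings + $(printf '%s\n' "$extra" | grep -c .)))
    fi
    exit "$findings"
)

# Usage: TS_PASS_IN=<current password> sh audit.sh <truststore.jks> <baseline.tsv>
if [ "$#" -eq 2 ]; then audit "$1" "${TS_PASS_IN:?set TS_PASS_IN}" "$2"; fi
```

Build the baseline once from a store you have reviewed by hand, then run the audit after every importcert or deletecert change.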