Nonstop Volume Level Encryption Guide
sftp>
sftp> quit
s. Verify that the NonStop temporary subvolume contains the DER formatted NSSuser signed
certificate, the DER formatted NSSuser private key, the NSSuser passphrase file, and the
signed certificate file:
$SYSTEM ZENCRYPT 18> fileinfo *
$SYSTEM.ZENCRYPT
CODE EOF LAST MODIFIED OWNER RWEP PExt SExt
NSSUCERT 0 928 17SEP2009 17:32 255,255 NUNU 14 112
NSSUKEY 0 1261 17SEP2009 17:32 255,255 NUNU 14 112
NSSUPASS 101 2074 17SEP2009 17:21 255,255 NUNU 14 14
SIGNCERT 101 1514 17SEP2009 17:19 255,255 NUNU 14 14
t. Secure these files as āCCCCā:
$SYSTEM ZENCRYPT 19> fup secure *, CCCC
$SYSTEM ZENCRYPT 20>
$SYSTEM ZENCRYPT 20> fileinfo *
$SYSTEM.ZENCRYPT
CODE EOF LAST MODIFIED OWNER RWEP PExt SExt
NSSUCERT 0 928 17SEP2009 17:32 255,255 CCCC 14 112
NSSUKEY 0 1261 17SEP2009 17:32 255,255 CCCC 14 112
NSSUPASS 101 2074 17SEP2009 17:21 255,255 CCCC 14 14
SIGNCERT 101 1514 17SEP2009 17:19 255,255 CCCC 14 14
$SYSTEM ZENCRYPT 21>
u. Use the CLIMCMD rm command to delete the files on the temporary directory on the CLIM:
$SYSTEM ZENCRYPT 23> climcmd c100231 rm -rf /tmp/zencrypt/
comForte SSH client version T9999H06_05Aug2009_comForte_SSH_0086b
Termination Info: 0
$SYSTEM ZENCRYPT 24>
The signed NSSuser client certificate has been created. Go on to āH. Add local CA NSVLECA,
other local CAs and known CAs to the key manager's trusted CA list ā (page 40).
H. Add local CA NSVLECA, other local CAs and known CAs to the key manager's trusted CA list
The trusted CA list is the list of CAs that can be used by the key manager to verify a client certificate.
You must add any known CAs that you have installed to the Trusted CA List profile, along with the
local CAs created to be used to sign the CLIM client certificates.
a. On the Security tab, select Trusted CA Lists.
b. Select the radio button for the profile name Default:
c. Select Properties for the Trusted Certificate Authority List
40 Installation