Fabric OS Encryption Administrator's Guide
46 Fabric OS Encryption Administrator’s Guide
53-1002159-03
Creating a new encryption group
2
FIGURE 30 Next Steps dialog box
20. Review post-configuration instructions, which you can copy to a clipboard or print for later.
21. Click Finish to exit the Configure Switch Encryption wizard.
22. Review “Understanding configuration status results”.
Understanding configuration status results
After configuration of the encryption group is completed, the Management application sends API
commands to verify the switch configuration. The CLI commands are detailed in encryption
administrator’s guide for your key vault management system.
• Initialize the switch. If the switch is not already in the initiated state, the Management
application performs the cryptocfg
--initnode command.
• Create an encryption group on the switch. The Management application creates a new group
using the cryptocfg
--create -encgroup command, and sets the key vault type using the
cryptocfg
--set -keyvault command.
• Register the key vault. The Management application registers the key vault using the
cryptocfg
--reg keyvault command.
• Enable the encryption engines. The Management application initializes an encryption switch
using the cryptocfg
--initEE [<slotnumber>] and cryptocfg --regEE [<slotnumber>]
commands.
• Create a new master key. (Opaque key vaults only). The Management application checks for a
new master key. New master keys are generated from the Security tab located in the
Encryption Group Properties dialog box. See “Creating a new master key” on page 87 for more
information.
• Save the switch’s public key certificate to a file. The Management application saves the KAC
certificate into the specified file.