Brocade Fabric OS Command Reference Manual - Supporting Fabric OS v5.3.0 (53-1000436-01, June 2007)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B SAN Switch Power Pack

581

582

583

584

585

586

587

588

589

590

Fabric OS Command Reference Manual 557

53-1000436-01

secCertUtil

genkey Generates a public/private key pair. This is the first step for setting up

third-party certificates. The key length can be either 1,024 or 2,048 bits long.

The greater the length of the key, the more secure is the connection; however,

the performance goes down. The keys are generated only after deleting

existing CSR and all other certificates.

gencsr Generates a new CSR for the switch. This is second step for setting up

third-party certificates in the switch. To generate a CSR, the admin must

answer a series of questions prompted by this option. Once all questions are

answered, a CSR is generated and placed in a file named ip_address.csr,

where the ip_address is the IP address of the switch.

delcsr Deletes the CSR in the switch.

showcsr Displays the contents of the CSR in the switch without page breaks. Use pipe

operator followed by “more” option to display the contents of the CSR in the

switch page breaks.

show Displays a list of all certificates in the switch.

show certificate name

Displays the contents of the specified certificate.

delete certificate name

Deletes the specified certificate.

export Exports a CSR to a host. This is typically used to submit the CSR to a CA who

in turn issues a certificate.

import [-config cacert] | [-config swcert [-enable https]]

Import a certificate on to the switch. Use this for the following:

Download a certificate issued by a CA after sending the CSR to the CA.

Download an Issuing CA certificate.

Set imported certificate with -config option. Specifying cacert sets the CA certificate file name in

configuration and specifying swcert sets switch certificate file name in configuration.

Enable secure protocols with -enable option. This option can be used only with -config swcert.

Examples To generate a public/private key pair:

switch:admin> seccertutil genkey

Generating a new key pair will automatically do the following:

1. Delete all existing CSRs.

2. Delete all existing certificates.

3. Reset the certificate filename to none.

4. Disable secure protocols.

Continue (yes, y, no, n): [no] y

Select key size [1024 or 2048]:

Generating new rsa public/private key pair

Done.

To generate a CSR:

switch:admin> seccertutil gencsr

Country Name (2 letter code, eg, US):

State or Province Name (full name, eg, California):