Manualshelf

HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/32B SAN Switch
131132133134135136137138139140
140 Configuring advanced security features
Additional Microsoft Active Directory settings
a. Set the following SCHANNEL settings listed in Table 43 to allow.
To support FIPS compliant TLS cipher suites on Microsoft’s Active Directory server, allow the
SCHANNEL settings listed in Table 43. See the Microsoft website for instructions that explain how
to allow the SCHANNEL settings for the ciphers, hashes, key exchange and the TLS protocol.
b. Enable FIPS algorithm policy on the Microsoft Active Directory. Visit www.microsoft.com for
instructions.
LDAP certificates for FIPS mode
To utilize the LDAP services for FIPS between the switch and the host, you must generate a CSR on the
Active Directory server, import and export the CA certificates. To support server certificate validation, it is
essential to have the CA certificate installed on the switch and Active Directory server. Issue the
secCertUtil command to import the CA certificate to the switch. This will prompt for the remote IP and
login credentials to fetch the CA certificate. The CA certificate should be in any of the standard certificate
formats: .cer, .crt or .pem.
For storing and obtaining CA certificates, follow the instructions earlier in this section. LDAP CA certificate
file names should not contain spaces while using secCertUtil for import/export of the certificate.
Importing an LDAP switch certificate
This option imports the LDAP CA certificate from the remote host to the switch.
1. Connect to the switch and log in as admin.
2. Issue the secCertUtil import -ldapcacert command.
Example of importing an LDAP certificate:
switch:admin> seccertutil import -ldapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.38.206
Enter remote directory: /users/aUser/certs
Enter certificate name (must have ".crt" or ".cer" ".pem" suffix): LDAPTestCa.cer
Enter Login Name: aUser
Password: <hidden>
Success: imported certificate [LDAPTestCa.cer].
Table 43 Active Directory Keys to modify
Key Sub-key
Ciphers 3DES
Hashes SHA1
Key exchange
algorithm
PKCS
Protocols TLSv1.0