HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

Exporting an LDAP switch certificate
This option exports the LDAP CA certificate from the switch to the remote host.
1. Connect to the switch and log in as admin.
2. Issue the secCertUtil export -ldapcacert command.
Example of exporting an LDAP CA certificate:
switch:admin> seccertutil export -ldapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.38.206
Enter remote directory: /users/aUser/certs
Enter Login Name: aUser
Enter LDAP certificate name (must have ".pem" suffix):LDAPTestCa.cer
Password: <hidden>
Success: exported LDAP certificate
Deleting an LDAP switch certificate
This option deletes the LDAP CA certificate from the switch.
1. Connect to the switch and log in as admin.
2. Issue the secCertUtil delete -ldapcacert <file_name> command, where
<file_name> is the name of the LDAP certificate on the switch.
Example of deleting an LDAP CA certificate:
switch:admin> seccertutil delete -ldapcacert LDAPTestCa.pem
WARNING!!!
About to delete certificate: LDAPTestCa.cer
ARE YOU SURE (yes, y, no, n): [no] y
Deleted LDAP certificate successfully
Preparing the switch for FIPS
The following functionalities are blocked in FIPS mode, so it is important to prepare the switch by
disabling them before enabling FIPS:
• The root account is blocked in FIPS mode. Therefore, all root-only functionalities will not be available.
• The HTTP, Telnet, RPC, and SNMP protocols must be disabled. Once these are blocked, you cannot use
them to read data from or write data to the switch.
• Configdownload and firmwaredownload using an FTP server will be blocked.
See Table 41 on page 137 for a complete list of restrictions between FIPS and non-FIPS mode.
IMPORTANT: Only the SecurityAdmin and Admin roles can enable FIPS mode.