Brocade Secure Fabric OS Administrator's Guide - Supporting Fabric OS v3.2.0, v4.4.0, v5.0.1, v5.1.0, 5.2.0, and 5.3.0 (53-1000244-02, June 2007)
Secure Fabric OS Administrator’s Guide 13
53-1000244-02
2
Save the digital certificate file on a secure workstation. The recommended location is in the
directory with the CSR file. Making a backup copy of the digital certificate file and storing it in a
secure location is recommended.
Installing the PKICert Utility
The PKI certificate installation utility (PKICert utility) version 1.0.6 is provided by the switch supplier
and is used to collect certificate signing requests (CSRs) and install digital certificates on switches.
The utility must be installed on a computer workstation.
To install the PKICert utility on a Solaris workstation, follow the instructions provided in the PKICert
utility ReadMe file.
To install the PKICert utility on a PC workstation
1. Locate the PKICert utility from the switch supplier.
2. Extract all the files from the utility zip file into a directory.
3. Execute setup.exe; the program installs a utility in a location specified during the installation.
4. Review the ReadMe file for current information about the utility.
Using the PKICert Utility to Obtain CSR
The PKICert utility makes it possible to retrieve certificate signing requests (CSRs) from all the
switches in the fabric and save them into a CSR file in XML format. PKICert also allows the user to
create license reports, and it provides online help. (CSRs and PKI digital certificates also are used
in Fabric OS v4.4.0, v5.0.1, v5.1.0, v5.2.0, and v5.3.0 with SSL certificates. The utility to retrieve
certificates, the CSRs themselves, and the digital certificates for these two uses are different. See
the Fabric OS Administrator’s Guide for information on SSL.
NOTE
If this procedure is interrupted by a switch reboot, the CSR file is not generated and the procedure
must be repeated. The examples in the guide are PC-specific.
The PKICert utility can be used only in nonsecure mode to generate or install certificates.
While performing the certificate request process using PKICert, the switch name should not contain
spaces. If the switch name contains spaces, the CSR is rejected by the Brocade web site.
In Fabric OS v4.4.x, v5.0.1, v5.1.0, v5.2.0, and v5.3.0 PKIcert installs only one certificate on a
single-domain chassis. Previous Fabric OS versions install two certificates.
To obtain the CSR file for the fabric
1. On a PC, double-click pkicert.exe.
The PKICert utility prompts for the events log file name.
2. Type a file name for the events log and press Enter, or just press Enter to accept the default.
The log file is automatically created in the same directory as pkicert.exe.
PKI CERTIFICATE INSTALLATION UTILITY pki_v1.0.6
All events and errors will be recorded in an event/error log file.