DCFM Enterprise User Manual (53-1001775-01, June 2010)
DCFM Enterprise User Manual 503
53-1001775-01
Encryption node initialization and certificate generation
20
Encryption node initialization and certificate generation
When an encryption node is initialized, the following security parameters and certificates are
generated:
• FIPS crypto officer
• FIPS user
• Node CP certificate
• A self-signed Key authentication center (KAC) certificate
• A Key authentication center (KAC) signing request (CSR)
From the standpoint of external SAN management application operations, the FIPS crypto officer,
FIPS user, and node CP certificates are transparent to users. The KAC certificates are required for
operations with key managers. In most cases, KAC certificate signing requests must be sent to a
Certificate Authority (CA) for signing to provide authentication before the certificate can be used. In
all cases, signed KACs must be present on each switch.
Encryption nodes are initialized by the Configure Switch Encryption wizard when you confirm a
configuration.
Encryption nodes may also be initialized from the Encryption Center.
1. From the Encryption Center, select Switch > Init Node.
The following warning displays.
2. Select Yes to initialize the node.