DCFM Professional Plus User Manual (53-1001774-01, June 2010)

4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA.
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/KACcsr kac_RKM_cert.pem
-days 365 -CA ca
Importing the signed KAC certificate
After a KAC CSR has been submitted and signed by a CA, the signed certificate must be imported
into the switch.
1. From the Encryption Center, select Switch > Import Certificate.
The Import Signed Certificate dialog box displays.
2. Browse to the location where the signed certificate is stored.
3. Click OK.
The signed certificate is stored on the switch.
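The following script is an added example, not part of the manual: it checks, before the import above, that the signed certificate carries the same public key as the submitted CSR and that it verifies against the CA certificate later uploaded to the RKM appliance. The function names and file names are assumptions, and the sample CA, key, and CSR are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the manual): pre-import checks on a signed KAC certificate.
# All function and file names are placeholders.

# pubkey_sha256 <req|x509> <file>: print the SHA-256 digest of the embedded public key.
pubkey_sha256() {
    key=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1
    printf '%s\n' "$key" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_signed_kac <csr> <signed cert> <CA cert>
# 0 = certificate carries the CSR's public key and verifies against the CA
# 1 = unreadable input or public key mismatch, 2 = does not verify against the CA
check_signed_kac() {
    csr_key=$(pubkey_sha256 req "$1") || return 1
    cert_key=$(pubkey_sha256 x509 "$2") || return 1
    [ "$csr_key" = "$cert_key" ] || return 1
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 2
    return 0
}

# make_sample <dir>: constructed test data (throwaway CA, key, CSR, signed certificate).
# Signs with SHA-256; the manual's example command uses -sha1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 -subj "/CN=Sample CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=sample-switch" \
        -keyout "$1/kac.key" -out "$1/kac.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -CAcreateserial -in "$1/kac.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -out "$1/kac_cert.pem" 2>/dev/null
}

# Demo on constructed data.
demo_dir=$(mktemp -d)
if make_sample "$demo_dir" &&
   check_signed_kac "$demo_dir/kac.csr" "$demo_dir/kac_cert.pem" "$demo_dir/ca.pem"; then
    echo "signed certificate matches the CSR and verifies against the CA"
fi
rm -rf "$demo_dir"
```

A return code of 1 means the certificate was issued for a different key than the one in the CSR; a return code of 2 means it was not signed by the CA certificate supplied.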
Uploading the KAC and CA certificates onto the RKM appliance
After an encryption group is created, you need to install the switch public key certificate (KAC
certificate) and signing authority certificate (CA certificate) on the RKM appliance.
1. Start a web browser, and connect to the RKM appliance setup page. You will need the URL, the
proper authority level, a user name, and a password.
2. Select the Operations tab.
3. Select Certificate Upload.
4. In the SSLCAcertificateFile field, enter the full local path of the CA certificate. Do not use the
UNC naming convention format.
5. Select Upload, Configure SSL, and Restart Webserver.
6. After the web server restarts, enter the root password.
7. Open another web browser window, and start the RSA management user interface.
You will need the URL, the proper authority level, a user name, and a password.
NOTE
The Identity Group name used in the next step may not exist in a freshly installed RKM. To
establish an Identity Group name, click the Identity Group tab, and create a name. The name
Hardware Retail Group is used as an example in the following steps.
8. Select the Key Classes tab. For each of the following key classes, perform steps a. through h. to
create the class. The key classes must be created only once, regardless of the number of
nodes in your encryption group and regardless of the number of encryption groups that will be
sharing this RKM.
kcn.1998-01.com.brocade:DEK_AES_256_XTS
kcn.1998-01.com.brocade:DEK_AES_256_CCM
kcn.1998-01.com.brocade:DEK_AES_256_GCM