Brocade Network Advisor SAN User Manual
545
53-1002696-01
Steps for connecting to a DPM appliance
20
4. Do one of the following:
•
If a CSR is present, click Export.
•
If a CSR is not present, select a switch from the Encryption Center Devices table, then
select Switch > Init Node from the menu task bar. This generates switch security
parameters and certificates, including the KAC CSR.
5. Save the file. The default location for the exported file is in the Documents folder.
NOTE
The CSR is exported in Privacy Enhanced Mail (.pem) format. This is the format required in
exchanges with Certificate Authorities (CAs).
Submitting the CSR to a certificate authority
The CSR must be submitted to a Certificate Authority (CA) to be signed. The CA is a trusted
third-party entity that signs the CSR. Several CAs are available and procedures vary, but the general
steps are as follows:
1. Open an SSL/TLS connection to an X.509 server.
2. Submit the CSR for signing.
3. Request the signed certificate.
Generally, a public key, the signed KAC certificate, and a signed CA certificate are returned.
4. Download and store the signed certificates.
The following example submits a CSR to the demoCA from RSA:
cd /opt/CA/demoCA
openssl x509 -req -sha1 -CAcreateserial -in certs/<Switch CSR Name> -days 365
-CA cacert.pem -CAkey private/cakey.pem -out newcerts/<Switch Cert Name>
NOTE
You can change the number of days that a certificate will expire based on your site's security policies.
For more information on changing the certificate expiry date, refer to
“KAC certificate registration
expiry”
on page 545.
KAC certificate registration expiry
It is important to keep track as to when your signed KAC certificates will expire. Failure to work with
valid certificates causes certain commands to not work as expected. If you are using the certificate
expiry feature and the certificate expires, the key vault server will not respond as expected. For
example, the group leader in an encryption group might show that the key vault is connected;
however, a member node reports that the key vault is not responding.
To verify the certificate expiration date, use the following command:
openssl x509 –in newcerts/<Switch Cert Name> -dates –noout
Output:
Not Before: Dec 4 18:03:14 2009 GMT
Not After : Dec 4 18:03:14 2010 GMT
Содержание Network Advisor 12.0.0
Страница 36: ...xxxvi Brocade Network Advisor SAN User Manual 53 1002696 01...
Страница 82: ...34 Brocade Network Advisor SAN User Manual 53 1002696 01 License downgrade 2...
Страница 86: ...38 Brocade Network Advisor SAN User Manual 53 1002696 01 Uninstalling a patch 3...
Страница 122: ...74 Brocade Network Advisor SAN User Manual 53 1002696 01 VM Manager discovery 4...
Страница 184: ...136 Brocade Network Advisor SAN User Manual 53 1002696 01 Fabric tracking 5...
Страница 214: ...166 Brocade Network Advisor SAN User Manual 53 1002696 01 User profiles 6...
Страница 236: ...188 Brocade Network Advisor SAN User Manual 53 1002696 01 Searching for an assigned event filter 7...
Страница 284: ...236 Brocade Network Advisor SAN User Manual 53 1002696 01 User defined performance monitors 8...
Страница 320: ...272 Brocade Network Advisor SAN User Manual 53 1002696 01 Grouping on the topology 9...
Страница 336: ...288 Brocade Network Advisor SAN User Manual 53 1002696 01 Microsoft System Center Operations Manager SCOM plug in 10...
Страница 434: ...386 Brocade Network Advisor SAN User Manual 53 1002696 01 Port Auto Disable 12...
Страница 442: ...394 Brocade Network Advisor SAN User Manual 53 1002696 01 Exporting Host port mapping 13...
Страница 450: ...402 Brocade Network Advisor SAN User Manual 53 1002696 01 Exporting storage port mapping 14...
Страница 536: ...488 Brocade Network Advisor SAN User Manual 53 1002696 01 Virtual FCoE port configuration 16...
Страница 552: ...504 Brocade Network Advisor SAN User Manual 53 1002696 01 Security configuration deployment 17...
Страница 878: ...830 Brocade Network Advisor SAN User Manual 53 1002696 01 Removing thresholds 24...
Страница 922: ...874 Brocade Network Advisor SAN User Manual 53 1002696 01 VLAN routing 26...
Страница 990: ...942 Brocade Network Advisor SAN User Manual 53 1002696 01 SAN Connection utilization 29...
Страница 998: ...950 Brocade Network Advisor SAN User Manual 53 1002696 01 Removing a frame monitor from a switch 30...
Страница 1138: ...1090 Brocade Network Advisor SAN User Manual 53 1002696 01 Call Home Event Tables B...
Страница 1144: ...1096 Brocade Network Advisor SAN User Manual 53 1002696 01 IP Performance monitoring events C...
Страница 1186: ...1138 Brocade Network Advisor SAN User Manual 53 1002696 01 Regular Expressions F...
Страница 1486: ...1438 Brocade Network Advisor SAN User Manual 53 1002696 01 Views H...