Table 31, Generating the key and csr for fcap, Exporting the csr for fcap – Dell POWEREDGE M1000E User Manual

Page 191

Advertising
background image

Fabric OS Administrator’s Guide

151

53-1001763-02

Authentication policy for fabric elements

7

You can request a certificate from a CA through a Web browser. After you request a certificate,
the CA either sends certificate files by e-mail (public) or gives access to them on a remote host
(private). Typically, the CA provides the certificate files listed in

Table 31

.

ATTENTION

Only the .pem file is supported for FCAP authentication.

5. On each switch, install the CA certificate before installing switch certificate.

6. After the CA certificate is installed, install the switch certificate on each switch.

7. Update the switch database for peer switches to use third-party certificates.

8. Use the newly installed certificates by starting the authentication process.

Generating the key and CSR for FCAP

The public/private key and CSR has to be generated for the local and remote switches that will
participate in the authentication. In FCAP, one command is used to generate the public/private key
the CSR, and the passphrase.

1. Log in to the switch using an account assigned to the admin role.

2. Enter the secCertUtil generate -fcapall -keysize command on the local switch.

switch:admin> seccertutil generate -fcapall -keysize 1024
WARNING!!!

About to create FCAP:
ARE YOU SURE (yes, y, no, n): [no] y
Installing Private Key and Csr...
Switch key pair and CSR generated...

3. Repeat

step 2

on the remote switch.

Exporting the CSR for FCAP

You will need to export the CSR file created in

“Generating the key and CSR for FCAP”

section and

send to a Certificate Authority (CA). The CA will in turn provide two files as outlined in

“FCAP

configuration overview”

on page 150.

1. Log in to the switch using an account assigned to the admin role.

2. Enter the secCertUtil export –fcapswcsr command.

switch:admin> seccertutil export -fcapswcert
Select protocol [ftp or scp]: scp
Enter IP address: 10.1.2.3
Enter remote directory: /myHome/jdoe/OPENSSL
Enter Login Name: jdoe

TABLE 31

FCAP certificate files

Certificate file

Description

nameCA.pem

The CA certificate. It must be installed on the remote and local switch to verify the
validity of the switch certificate or switch validation fails.

name.pem

The switch certificate.

Advertising
See also other documents in the category Dell Computer Accessories: