Generating KMC Certificate; Generating and Installing Self-Signed Certificates - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco MDS 9000 Family Storage Media Encryption Configuration Guide - Release 4.x (OL-18091-01, February 2009)

Send documentation comments to mdsfeedback-doc@cisco.com

Generating KMC Certificate

To generate the KMC server certificate, follow these steps:

Step 1  Generate KMC certificate by entering the following commands in the OpenSSL application:

    OpenSSL> genrsa -out sme_kmc_server.key 1024
    OpenSSL> req -new -key sme_kmc_server.key -out sme_kmc_server.csr
    OpenSSL> x509 -req -days 365 -in sme_kmc_server.csr -CA cacert.pem -CAkey privkey.pem -CAcreateserial -out sme_kmc_server.cert
    OpenSSL> pkcs12 -export -in sme_kmc_server.cert -inkey sme_kmc_server.key -out sme_kmc_server.p12

Step 2  Import this PKCS12 keystore to Java Keystores using JAVA keytool (JRE 1.6).

    "C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importkeystore -srckeystore sme_kmc_server.p12 -srcstoretype PKCS12 -destkeystore sme_kmc_server.jks -deststoretype JKS

    Note  Remember the password as it needs to be updated in the properties file.

Step 3  Import the CA certificate to Java Keystores using JAVA keytool (JRE 1.6).

    "C:\Program Files\Java\jre1.6.0_02\bin\keytool.exe" -importcert -file cacert.pem -keystore sme_kmc_trust.jks -storetype JKS

Step 4  Place these keystore files in mds9000/conf/cert directory.

Step 5  Modify the KMC SSL settings in the Key Manager Settings in Fabric Manager Web Client.

Step 6  Restart the Fabric Manager server.

Note  You can also use sme_kmc_server.p12 as KMC server certificate and cacert.pem as KMC trust certificate instead of using Java keystores created in Step 3 and 4.

Generating and Installing Self-Signed Certificates

To configure SSL when KMC is not integrated with Fabric Manager server, follow these steps:

Step 1  Create the required certificates by using the following commands:

    switch:./createSmeCerts.tcl
    Usage: ./createSmeCerts.tcl [r] [k] [s] [a] [h]
        r    Generate Root CA certificate
        k    Generate KMC server certificate
        s    Generate Switch certificate and configure switch trust point
        a    Generate all certificates and configure switch
        h    Print this usage screen
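
A pre-flight check for the certificate produced in Step 1 of "Generating KMC Certificate", run before the PKCS12 export and keystore import. This is an added example, not part of the Cisco guide: the function names, the throwaway CA and the subject names are assumptions, and the 2048-bit threshold reflects current RSA key-size guidance rather than anything the guide states.

```shell
#!/bin/sh
# Added example. The CA and subject names are constructed; file names follow the page.
make_kmc_cert() {  # $1 = work dir, $2 = RSA key size in bits (the page uses 1024)
  ( cd "$1" &&
    # Constructed throwaway CA standing in for the site's cacert.pem / privkey.pem.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example SME Root CA" \
      -keyout privkey.pem -out cacert.pem 2>/dev/null &&
    # The page's Step 1 commands, made non-interactive with -subj.
    openssl genrsa -out sme_kmc_server.key "$2" 2>/dev/null &&
    openssl req -new -key sme_kmc_server.key -subj "/CN=kmc.example.test" \
      -out sme_kmc_server.csr &&
    openssl x509 -req -days 365 -in sme_kmc_server.csr -CA cacert.pem -CAkey privkey.pem \
      -CAcreateserial -out sme_kmc_server.cert 2>/dev/null )
}

check_kmc_cert() {  # $1 = work dir; prints one line per finding, returns 1 if any
  ( cd "$1" || exit 2
    rc=0
    # 1. The server certificate must chain to the CA that the peers will trust.
    openssl verify -CAfile cacert.pem sme_kmc_server.cert >/dev/null 2>&1 ||
      { echo "chain: sme_kmc_server.cert does not verify against cacert.pem"; rc=1; }
    # 2. The private key must be the one the certificate was issued for.
    cert_pub=$(openssl x509 -in sme_kmc_server.cert -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in sme_kmc_server.key -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
      { echo "key: sme_kmc_server.key does not match the certificate"; rc=1; }
    # 3. Flag RSA moduli shorter than 2048 bits.
    bits=$(openssl x509 -in sme_kmc_server.cert -noout -text |
      sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] ||
      { echo "size: RSA ${bits:-unknown}-bit key is below 2048 bits"; rc=1; }
    # 4. Flag certificates that expire within 30 days (2592000 seconds).
    openssl x509 -in sme_kmc_server.cert -noout -checkend 2592000 >/dev/null ||
      { echo "expiry: certificate expires within 30 days"; rc=1; }
    exit "$rc" )
}

# Demo with the page's 1024-bit key size: the "size" finding is reported.
demo_dir=$(mktemp -d)
make_kmc_cert "$demo_dir" 1024 && { check_kmc_cert "$demo_dir" || true; }
rm -rf "$demo_dir"
```
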
Appendix C
Provisioning Self-Sign Certificates
OL-18091-01, Cisco MDS NX-OS Release 4.x
