Brocade Communications Systems 53-1002745-02 Marine Radio User Manual


 
Fabric OS Administrator’s Guide 185
53-1002745-02
Secure Sockets Layer protocol
6
Obtaining certificates
After you have generated a CSR, follow the instructions on the website of the certificate issuing
authority that you want to use to request and obtain the certificate.
Fabric OS and HTTPS support the following types of files from the Certificate Authority (CA):
.cer (binary)
.crt (binary)
.pem (text)
Typically, the CA provides the certificate files listed in Table 24.
NOTE
You must perform this procedure for each switch.
Use the following procedure to obtain a security certificate.
1. Generate and store the CSR as described in “Generating and storing a Certificate Signing
Request” on page 184.
2. Open a web browser window on the management workstation and go to the CA website. Follow
the instructions to request a certificate. Locate the area in the request form into which you are
to paste the CSR.
3. Through a Telnet window, connect to the switch and log in using an account with admin
permissions.
4. Enter the secCertUtil showcsr command. The contents of the CSR are displayed.
5. Locate the section that begins with “BEGIN CERTIFICATE REQUEST” and ends with “END
CERTIFICATE REQUEST”.
6. Copy and paste this section (including the BEGIN and END lines) into the area provided in the
request form; then, follow the instructions to complete and send the request.
It may take several days to receive the certificates. If the certificates arrive by e-mail, save them to
an FTP server. If the CA provides access to the certificates on an FTP server, make note of the path
name and make sure you have a login name and password on the server.
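The following is an added example, not part of the Brocade guide: a workstation-side check for steps 5 and 6 that pulls the CSR block, BEGIN and END lines included, out of a saved terminal capture and rejects a truncated or damaged copy before it is pasted into the CA form. The prompt string, the function names and the sample capture are assumptions constructed for illustration; the sample body is filler bytes in a DER envelope, not a real CSR.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"

def der_total_length(der: bytes) -> int:
    """Size the outer DER SEQUENCE header claims for the whole structure."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def extract_csr(transcript: str) -> str:
    """Return the PEM block, BEGIN and END lines included, or raise ValueError."""
    lines = [ln.strip() for ln in transcript.replace("\r", "").split("\n")]
    if BEGIN not in lines or END not in lines:
        raise ValueError("BEGIN or END CERTIFICATE REQUEST line is missing")
    start, stop = lines.index(BEGIN), lines.index(END)
    body = [ln for ln in lines[start + 1:stop] if ln]
    try:
        der = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:              # binascii.Error subclasses ValueError
        raise ValueError("CSR body is not clean base64") from exc
    if der_total_length(der) != len(der):
        raise ValueError("CSR is truncated or has extra data")
    return "\n".join([BEGIN, *body, END]) + "\n"

def sample_transcript() -> str:
    """Constructed capture: filler bytes in a DER envelope, not a real CSR."""
    der = b"\x30\x82\x01\x2c" + bytes(300)
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(["switch:admin> secCertUtil showcsr", BEGIN, *body, END,
                        "switch:admin> "])

if __name__ == "__main__":
    print(extract_csr(sample_transcript()), end="")
```

The check confirms only that the copied block is intact; it does not validate the subject fields or the signature inside the request.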
Installing a switch certificate
Use the following procedure to install a security certificate on a switch.
NOTE
You must perform this procedure on each switch.
TABLE 24 SSL certificate files

Certificate file   Description
name.pem           The switch certificate.
nameRoot.pem       The root certificate. Typically, this certificate is already installed in the browser, but if not, you must install it.
nameCA.pem         The CA certificate. It must be installed in the browser to verify the validity of the server certificate or server validation fails.