Brocade Communications Systems 53-1002745-02 Marine Radio User Manual


  Open as PDF
of 666
 
Fabric OS Administrator’s Guide 621
53-1002745-02
Preparing a switch for FIPS
B
Exporting an LDAP switch certificate
This procedure exports the LDAP CA certificate from the switch to the remote host.
1. Connect to the switch and log in using an account with admin permissions, or an account with
OM permissions for the PKI RBAC class of commands.
2. Enter the secCertUtil export -ldapcacert command.
Example of exporting an LDAP CA certificate
switch:admin> seccertutil export -ldapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.38.206
Enter remote directory: /users/aUser/certs
Enter Login Name: aUser
Enter LDAP certificate name (must have ".pem" suffix): swLdapca.pem
Password: <hidden>
Success: exported LDAP certificate
Deleting an LDAP switch certificate
This procedure deletes the LDAP CA certificate from the switch.
1. Connect to the switch and log in using an account with admin permissions, or an account with
OM permissions for the PKI RBAC class of commands.
2. Enter the secCertUtil show -ldapcacert command to determine the name of the LDAP
certificate file.
3. Enter the secCertUtil delete -ldapcacert file_name command, where file_name is the name of
the LDAP certificate on the switch.
Example of deleting an LDAP CA certificate
switch:admin> seccertutil delete -ldapcacert swLdapca.pem
WARNING!!!
About to delete certificate: swLdapca.pem
ARE YOU SURE (yes, y, no, n): [no] y
Deleted LDAP certificate successfully
Preparing a switch for FIPS
It is important to prepare a switch for the following restrictions that exist in FIPS mode:
The root account and all root-only functions are not available.
HTTP, Telnet, RPC, and SNMP need to be disabled. Once these ports are blocked, you cannot
use them to read or write data from and to the switch.
The configDownload and firmwareDownload commands using an FTP server are blocked.
See Table 88 on page 618 for a complete list of restrictions between FIPS and non-FIPS modes.
ATTENTION
You need both security admin and admin permissions to enable FIPS mode.
 previous next