DCFM Professional Plus User Manual (53-1001774-01, June 2010)

Obtaining and importing the LKM certificate
Certificates must be exchanged between LKM and the encryption switch to enable mutual
authentication. You must obtain a certificate from LKM, and import it into the encryption group
leader. The encryption group leader exports the certificate to other encryption group members.
To obtain and import an LKM certificate, do the following.
1. Open an SSH connection to the NetApp LKM appliance and log in.
host$ ssh admin@10.33.54.231
admin@10.33.54.231's password:
Copyright (c) 2001-2009 NetApp, Inc.
All rights reserved
+--------------------------------+
| NetApp Appliance Management CLI |
| Authorized use only! |
+--------------------------------+
Cannot read termcap database;
using dumb terminal settings.
Checking system tamper status:
No physical intrusion detected.
2. Add the group leader to the LKM key sharing group. Enter lkmserver add --type third-party
--key-sharing-group "/" followed by the group leader IP address.
lkm-1> lkmserver add --type third-party --key-sharing-group \
"/" 10.32.244.71
NOTICE: LKM Server third-party 10.32.244.71 added.
Cleartext connections not allowed.
3. On the NetApp LKM appliance terminal, enter sys cert getcert-v2 to display the LKM certificate
content.
lkm-1> sys cert getcert-v2
-----BEGIN CERTIFICATE-----
[content removed]
-----END CERTIFICATE-----
4. Copy and paste the LKM certificate content from the NetApp LKM appliance terminal into an
editor buffer. Save the file as lkmcert.pem on the SCP-capable host. Save the entire certificate,
including the lines
-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
5. If you are using DCFM, the path to the file must be specified on the Select Key Vault dialog box
when creating a group leader. If the proper path is entered, the file is imported.
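Because step 4 moves the certificate by copy and paste, a dropped or truncated line is easy to miss. The following check is an added example, not part of the original manual or of any NetApp or Brocade tool. It confirms that the saved file keeps both delimiter lines and that the decoded body is one complete DER structure, then prints a SHA-256 fingerprint of the decoded bytes so copies of the file can be compared. The names check_pem and constructed_sample are hypothetical, and the embedded sample is constructed data, not a real certificate. The check covers framing only; it does not validate the certificate's contents or signature.

```python
import base64, binascii, hashlib, sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_pem(text):
    """Return (ok, detail): SHA-256 fingerprint if ok, else the reason."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN:
        return False, "missing BEGIN CERTIFICATE line"
    if lines[-1] != END:
        return False, "missing END CERTIFICATE line"
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return False, "body is not valid base64"
    # An X.509 certificate is a single DER SEQUENCE (tag 0x30) whose encoded
    # length must account for every remaining byte; a dropped line breaks this.
    if len(der) < 2 or der[0] != 0x30:
        return False, "body is not a DER SEQUENCE"
    if der[1] < 0x80:                       # short-form length
        hdr, length = 2, der[1]
    else:                                   # long-form: next n bytes hold length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False, "malformed DER length"
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        return False, f"truncated or padded: expected {hdr + length} bytes, got {len(der)}"
    fp = hashlib.sha256(der).hexdigest().upper()
    return True, ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))

def constructed_sample():
    """Constructed stand-in with valid PEM/DER framing; NOT a real certificate."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:                   # path to the saved file, e.g. lkmcert.pem
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = constructed_sample()
    ok, detail = check_pem(text)
    print(("OK, SHA-256 fingerprint: " if ok else "REJECTED: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it with the path to lkmcert.pem as the only argument before entering that path in the Select Key Vault dialog box; with no argument it checks the constructed sample.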