526 Fabric OS Administrator’s Guide
53-1001763-02
FIPS mode configuration
D

LDAP certificates for FIPS mode

To utilize the LDAP services for FIPS between the switch and the host, you must generate a CSR on
the Active Directory server and import and export the CA certificates. To support server certificate
validation, it is essential to have the CA certificate installed on the switch and Active Directory
server. Use the secCertUtil to import the CA certificate to the switch. This will prompt for the remote
IP and login credentials to retrieve the CA certificate. The CA certificate should be in any of the
standard certificate formats, “.cer”, ”.crt” or “.pem”.
For storing and obtaining CA certificates, follow the instructions earlier in this section. LDAP CA
certificate file names should not contain spaces while using the secCertUtil command to import
and export the certificate.

Importing an LDAP switch certificate

This option imports the LDAP CA certificate from the remote host to the switch.
1. Connect to the switch and log in as admin.
2. Enter the secCertUtil import -ldapcacert command.
Example of importing an LDAP certificate
switch:admin> seccertutil import -ldapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.38.206
Enter remote directory: /users/aUser/certs
Enter certificate name (must have ".crt" or ".cer" ".pem" suffix):
LDAPTestCa.cer
Enter Login Name: aUser
Password: <hidden>
Success: imported certificate [LDAPTestCa.cer].

Exporting an LDAP switch certificate

This option exports the LDAP CA certificate from the switch to the remote host.
1. Connect to the switch and log in as admin.
2. Enter the secCertUtil export -ldapcacert command.
Example of exporting an LDAP CA certificate
switch:admin> seccertutil export -ldapcacert
Select protocol [ftp or scp]: scp
Enter IP address: 192.168.38.206
Enter remote directory: /users/aUser/certs
Enter Login Name: aUser
Enter LDAP certificate name (must have ".pem" \ suffix):LDAPTestCa.cer
Password: <hidden>
Success: exported LDAP certificate