Fabric OS Administrator’s Guide 527
53-1001763-02
Preparing the switch for FIPS D

Deleting an LDAP switch certificate

This option deletes the LDAP CA certificate from the switch.
1. Connect to the switch and log in as admin.
2. Enter the secCertUtil show -ldapcacert command to determine the name of the LDAP
certificate file.
3. Enter the secCertUtil delete -ldapcacert <file_name> command, where the <file_name> is the
name of the LDAP certificate on the switch.
Example of deleting an LDAP CA certificate
switch:admin> seccertutil delete -ldapcacert LDAPTestCa.pem
WARNING!!!
About to delete certificate: LDAPTestCa.cer
ARE YOU SURE (yes, y, no, n): [no] y
Deleted LDAP certificate successfully

Preparing the switch for FIPS

The following functions are blocked in FIPS mode. Therefore, it is important to prepare the switch
by disabling these functions prior to enabling FIPS:
The root account and all root-only functions are not available.
HTTP, Telnet, RPC, SNMP protocols need to be disabled. Once these are blocked, you cannot
use these protocols to read or write data from and to the switch.
The configDownload and firmwareDownload commands using an FTP server are blocked.
See Table 103 on page 523 for a complete list of restrictions between FIPS and non-FIPS modes.
ATTENTION
Only roles with SecurityAdmin and Admin can enable FIPS mode.

Overview of steps

1. Optional: Configure RADIUS server or LDAP server.
2. Optional: Configure authentication protocols.
3. For LDAP only: Install SSL certificate on Microsoft Active Directory server and CA certificate on
the switch for using LDAP authentication.
4. Block Telnet, HTTP, and RPC.
5. Disable BootProm access.
6. Configure the switch for signed firmware.
7. Disable root access.
8. Enable FIPS.