Introduction | Brocade Communications Systems 53-1001778-01 specs

	Chapter
Mutual Authentication for Clients and Indications	4

In this chapter

•Introduction	47
•Mutual authentication for clients	47
•Mutual authentication for indications	48
•Client configuration to use client certificates	48
•Client configuration to use client certificates for default SSL indications. .	50
•Troubleshooting	51

Introduction

The SMI-A installation wizard provides options for enabling mutual authentication for clients and indications. This chapter describes how you can enable mutual authentication after installation, without re-running the installation wizard.

If you enable mutual authentication, you should disable the CIM-XML client protocol adapter (CPA) for the SMI-A so that the clients can use only HTTPS communication. If you do not disable the CIM-XML CPA, then any client can communicate with the SMI-A using HTTP access.

The client and server certificates that are used in the mutual authentication are only private certificates that are generated by Brocade and are not verified by any certificate authority. Clients cannot add their own certificates to the server trust stores.

NOTE

Mutual authentication works using only Brocade-provided private certificates.

Mutual authentication for clients

You can restrict access to the SMI-A to only clients that are trusted by the agent. The SMI-A uses private key information and authentication information to allow only specific clients to send requests as SSL-encrypted CIM-XML to the SMI-A.

By default, mutual authentication for clients is disabled, which means that any client can use the HTTPS communication protocol to communicate with the SMI-A. When mutual authentication for clients is enabled, then only those clients whose certificates have been added to the SMI-A TrustStore can use HTTPS to communicate with the SMI-A. That is, the SMI-A must have a TrustStore that contains a certificate for an entry in the client KeyStore.

Additionally, when mutual authentication for clients is enabled, the client must have a TrustStore that contains the certificate for an entry in the SMI-A KeyStore.

Brocade SMI Agent User’s Guide	47
53-1001778-01

Image 63

Brocade Communications Systems 53-1001778-01 manual Introduction, Mutual authentication for clients

Contents

Brocade SMI Agent Brocade Communications Systems, Incorporated Title Publication number Summary of changes Date Brocade SMI Agent User’s Guide Contents Chapter Brocade SMI Agent Configuration Chapter Mutual Authentication for Clients and Indications Index How this document is organized This chapter Supported hardware and software What’s new in this document Document conventionsText formatting Key terms Identifies command syntax examples Additional information Brocade resourcesOther industry resources FT00X0054E9 Getting technical help Support@brocade.com Brocade SMI Agent support Document feedback Common Information Model CIM Overview Brocade SMI Agent Brocade SMI-S Initiative Brocade SMI Agent Brocade SMI Agent User’s Guide Starting the SMI-A Brocade SMI Agent Starting the SMI-A as a service Stop the Brocade SMI AgentStopping the SMI-A Stopping the SMI-A as a service Service Location Protocol SLP support SLP on Linux, Solaris, and AIX Slptool commands Stopping SLP on Linux, Solaris, and AIX Starting SLP on Linux, Solaris, and AIX Installing SLP on Windows SLP on WindowsStarting SLP on Windows Connection monitoring Disable Http for security reasons For example Enable multi-homed support About the Brocade SMI Agent Configuration Tool Brocade SMI Agent Configuration Apply Launching the Brocade SMI Agent Configuration Tool Windows Launch the Brocade SMI-A Configuration Tool Proxy connections Reloading provider.xml on fabric segmentationAdding proxy connections Removing proxy connections Login failure status information Access control Login failure status messages Access control Mapping an SMI-A user to a switch user Setting up default SMI-A user mapping SMI Agent security Limitations of SMI-A user-to-switch user mapping Configuring mutual authentication for clients Mutual authentication setup Configuring mutual authentication for indications Mutual authentication for indications Configuring Http access Importing client certificates Http access Exporting server certificates SMI Agent security Configuring user authentication User authentication Encode proxy details Encoding proxy connection details Configuring or removing the SMI Agent as a service SMI Agent service configuration and removal Port configuration Configure Http and Https portsConfiguring the Http and Https ports Configuring the ARR and eventing ports Configure ARR and eventing ports Configure ARR and eventing ports Fabric Manager database server configuration Configuring software locations for firmware download Firmware download software locations configuration File Path Debugging and logging options configuration Configuring debugging options for CimomDebugging options for Cimom Debugging options for the provider Configure debugging options for Cimom Dynamic Update Configuring debugging options for the provider Logging options for the provider Configuring logging options for provider Log file examples Configure logging options Capturing information from the provider cache Capture provider cache information Collect support information Support information collection XML dump Collecting support informationRunning an XML dump Configuring the Cimom server Cimom server configuration Uncomment the following lines Configuring log file options Introduction Mutual authentication for clients Enabling mutual authentication for indications Mutual authentication for indicationsClient configuration to use client certificates Enabling mutual authentication for clients Client.ind.truststore Clientind.cer Java -classpath SMIAgent/agent/wbem.jar Xmlerror Troubleshooting Xmlerror General questions Frequently Asked Questions How do I collect diagnostic data from the Brocade SMI Agent? Does the SMI Agent have support for Https communication? On Linux Type the following command Appendix Open source software used in SMI-A Source Code License Sun Industry Standards Source License Distribution Obligations Inability to Comply DUE to Statute or Regulation Termination IBM Common Public License Grant of Rights Commercial Distribution OpenSLP License GNU Library General Public License Bouncy Castle Sun Binary Code License Agreement Public Domain Brocade SMI Agent User’s Guide Supplemental License Terms Brocade SMI Agent User’s Guide Brocade SMI Agent User’s Guide 53-1001778-01 Sun Binary Code License Agreement Index Brocade SMI Agent User’s Guide