Chapter 7 Encryption Key Management
Configuring Encryption Key Management on the Library
Scalar i500 User’s Guide 182
You need to provide the following certificates:
These files must be in the proper format, as follows. If any of the
following requirements is not met, none of the certificates will be
imported.
• The Root Certificate must be 2048 bits and be in PEM format.
• The Admin and Client certificates must be 1024 bits and be in
PKCS#12 (.p12) format, with a separate certificate and private key
contained in each.
• The Admin and Client certificates must be signed by the Root
Certificate.
• Certificates must have the Organization name (O) set in their Issuer
and Subject info.
• The Admin certificate must have its Organizational Unit name (OU)
set as “akm_admin” in its Subject Info.
• The same Root Certificate must be installed on the encryption key
servers and the library.
• All the certificates must be within their validity period according to
the date and time settings on the encryption key server.
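Because a single unmet requirement causes the whole import to be rejected, it helps to check the files before uploading them. The script below is an added example, not part of the original guide: it assumes the OpenSSL command-line tool is installed, the function names are hypothetical, and it judges validity against the local computer's clock rather than the key server's.

```sh
#!/bin/sh
# Added example (not from the guide): pre-import check of the requirements above.
# Usage: check_certs ROOT.pem ADMIN.p12 CLIENT.p12 P12_PASSWORD
# Prints one line per unmet requirement and returns the number of failures.

bits() {      # RSA key size of a PEM certificate file
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}
has_rdn() {   # has_rdn CERT subject|issuer ATTR   (ATTR: "O=" or "OU=akm_admin,")
  dn=$(openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 2>/dev/null |
       sed 's/^[a-z]*= */,/')
  case "$dn," in *",$3"*) return 0 ;; esac
  return 1
}
check_certs() {
  root=$1 pw=$4 fails=0 tmp=$(mktemp -d) || return 99
  bad() { echo "FAIL: $*"; fails=$((fails + 1)); }

  # Root Certificate: PEM format, 2048 bits, Organization set
  openssl x509 -in "$root" -inform PEM -noout 2>/dev/null || bad "root: not a PEM certificate"
  [ "$(bits "$root")" = 2048 ] || bad "root: key is not 2048 bits"
  has_rdn "$root" subject "O=" || bad "root: no Organization (O) in Subject"

  for role in admin client; do
    [ "$role" = admin ] && p12=$2 || p12=$3
    crt="$tmp/$role.pem"
    # The PKCS#12 file must contain both a certificate and a private key
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys -clcerts >"$crt" 2>/dev/null \
      && grep -q 'BEGIN CERTIFICATE' "$crt" \
      || { bad "$role: no certificate readable from PKCS#12"; continue; }
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes 2>/dev/null |
      grep -q 'PRIVATE KEY' || bad "$role: no private key in PKCS#12"
    [ "$(bits "$crt")" = 1024 ] || bad "$role: key is not 1024 bits"
    # openssl verify checks the signature chain and the validity dates (local clock)
    openssl verify -CAfile "$root" "$crt" >/dev/null 2>&1 ||
      bad "$role: not signed by the root, or outside its validity period"
    has_rdn "$crt" subject "O=" || bad "$role: no Organization (O) in Subject"
    has_rdn "$crt" issuer "O=" || bad "$role: no Organization (O) in Issuer"
  done
  # Admin certificate only: OU must be akm_admin
  has_rdn "$tmp/admin.pem" subject "OU=akm_admin," || bad "admin: Subject OU is not akm_admin"
  rm -rf "$tmp"
  return "$fails"
}
```

A return value of 0 means every listed requirement was met for the files as read on this computer; the library and key servers still apply their own checks at import time.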
To install your own certificates:
1 Ensure that the date on all encryption key servers and the library is
set to the current date. Incorrect date settings may interfere with the
TLS certificates and cause the library to stop communicating with the
key servers.
2 Place the TLS certificate files in a known location on your computer.
Encryption System    Certificates Required
SKM                  • Root Certificate (also called the CA certificate,
                       or Certificate Authority Certificate)
                     • Client Certificate
                     • Admin Certificate
KMIP key managers    • Root Certificate (also called the CA certificate,
                       or Certificate Authority Certificate)
                     • Client Certificate