Chapter 8: Encryption Key Management
Setting up EKM on the Scalar i6000
Quantum Scalar i6000 User’s Guide 299
Installing User-Provided Certificates
Follow these instructions to install your own TLS certificates, or when
installing TLS certificates for KMIP. When providing your own
certificates, it is assumed you understand the concepts of PKI and can
access the tools or third-party resources needed to generate or obtain
certificates.
Note: If you are using SKM, you must be running SKM 1.1 or higher
on your SKM servers in order to install your own TLS
certificates.
Note: If you are using RSA or KMIP, your server provider will provide
TLS communication certificates.
You need to provide the following certificates:
These files must be in the proper format, as follows. If any of the
following requirements is not met, none of the certificates will be
imported.
• The Root Certificate must be 2048 bits.
• The Root Certificate must be in PEM format.
• The Admin and Client certificates must be in pkcs12 (.p12) format,
with a separate certificate and private key contained in each.
Encryption
System
Certificates Required
Q-EKM or TKLM/
SKLM
• Root Certificate (also called the CA certificate,
or Certificate Authority Certificate)
SKM • Root Certificate (also called the CA certificate,
or Certificate Authority Certificate)
• Client Certificate
• Admin Certificate
KMIP-compliant
key
management
• Root Certificate (also called the CA certificate,
or Certificate Authority Certificate)
• Client Certificate
To Next Page
Loading...
Need help?
General