Loading...

Adding a Key Management Interoperability Protocol Server

You can add or modify a Key Management Interoperability Protocol server from the Command Center.

Note: If you configure the CommServe LiveSync feature in the CommCell environment, then you must copy the key management server certificates to all the nodes under the same path.

Procedure

  1. From the navigation pane, click Security > Key management servers.

    The Key management servers page appears.

  2. Click Add at the top right, and then select KMIP.

    The Add KMIP dialog box appears.

  3. Complete the following steps:
    • Name: Enter the name of the key provider.
    • Key length: Select the key length to use with the Advanced Encryption Standard (AES) Rijndael cipher.
    • Server: Enter the IP address or the hostname of the third-party key management server.

      If the server is a cluster server, then specify the IP addresses or the hostnames of all the servers in the cluster, separated by a comma.

      Note: If you use third-party key management servers, and you decide to migrate clients from one CommCell environment to another CommCell environment, then both the source CommCell environment and the destination CommCell environment must use the same third-party key management server.

    • Port: Enter the port that is used by the key management server.

      If the server is a cluster server, then all the servers in the cluster must use the same port.

    • Passphrase: If you set a passphrase when you generated the certificate, then enter the passphrase.
    • Certificate: Select the location of the client certificate.

      Examples of certificate locations:

      For SafeNet, enter the location: C:\Certificates\client.crt.

      For Vormetric, enter the location C:\Certificates\client.pem.

    • Certificate key: Select the location of the client certificate key.

      Examples of certificate key locations:

      For SafeNet, enter the location C:\Certificates\clientkey.

      For Vormetric, enter the location C:\Certificates\client_private.pem.

    • CA Certificate: Select the location of the key management server certificate authority (CA) certificate.

      Examples of CA certificate locations:

      For SafeNet, enter the location: C:\Certificates\Local_CA.crt.

      For Vormetric, enter the location C:\Certificates\1.2.3.4_CA.pem.

  4. Click Save.

Last modified: 11/8/2019 9:42:09 AM