Setting up the local Certificate Authority (CA) – HP Secure Key Manager User Manual


If you are replacing an SKM appliance or adding a member to an existing cluster, skip to Establishing a cluster.

The configurations in this step are performed from the SKM management web console, which can be
accessed from any web browser with Internet access to the SKM appliance. The URL for the appliance
is:

https://<appliance hostname>:<appliance port number>

Where:

<appliance hostname> is the hostname or IP address you provided in Starting the SKM appliance, step 4.

<appliance port number> is 9443 by default. If you changed the port number in Starting the SKM appliance, step 4, use that number instead.

Setting up the local Certificate Authority (CA)

To create and install local CAs, perform the following steps:

1. Log on to the SKM management web console using the admin password you supplied in Starting the SKM appliance.

2. Select the Security tab.

3. In Certificates & CAs, click Local CAs.

4. Enter information required by the Create Local Certificate Authority section of the window to create your local CA, which will be the root for authentication of the clusters.

   a. Enter a Certificate Authority Name and Common Name. These may be the same value, for example SKM Local CA.

   b. Enter your organizational information.

   c. Enter the Email Address where you want messages to the Security Officer to go.

   d. Enter the Key Size. HP recommends using 2048 for maximum security.

   e. Click Self-signed Root CA and enter the CA Certification Duration and Maximum User Certificate Duration. These values determine when the certificate must be renewed and should be set in accordance with your company's security policies. The default value for both is 3650 days or 10 years.

5. Click Create.
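The following script is an added example, not part of the HP manual or the SKM software. It audits a CA certificate against the key size and duration chosen in step 4, assuming you have the CA certificate as a PEM file and the openssl command-line tool. The function names, the 90-day renewal window and the generated stand-in certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Policy values: the first two mirror steps 4d and 4e; adjust to your own policy.
MIN_KEY_BITS=2048     # step 4d key size
MAX_CA_DAYS=3650      # step 4e default CA duration
RENEW_WARN_DAYS=90    # hypothetical renewal warning window (not from the manual)

# make_sample_ca OUT BITS DAYS: constructed stand-in for a certificate
# exported from the appliance, so the audit can be tried offline.
make_sample_ca() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days "$3" -subj "/CN=SKM Local CA" \
        -keyout "$1.key" -out "$1" 2>/dev/null && rm -f "$1.key"
}

# audit_ca_cert FILE: prints findings; returns 0 only if every check passes.
audit_ca_cert() {
    cert=$1
    rc=0
    subject=$(openssl x509 -in "$cert" -noout -subject) || return 2
    issuer=$(openssl x509 -in "$cert" -noout -issuer) || return 2
    # A self-signed root has identical subject and issuer names.
    if [ "${subject#subject=}" != "${issuer#issuer=}" ]; then
        echo "FAIL: not self-signed"; rc=1
    fi
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt "$MIN_KEY_BITS" ]; then
        echo "FAIL: key size ${bits:-unknown} is below $MIN_KEY_BITS"; rc=1
    fi
    # -checkend N exits 0 if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend $((RENEW_WARN_DAYS * 86400)) >/dev/null; then
        echo "FAIL: expires within $RENEW_WARN_DAYS days, renew now"; rc=1
    fi
    if openssl x509 -in "$cert" -noout -checkend $(((MAX_CA_DAYS + 1) * 86400)) >/dev/null; then
        echo "FAIL: remaining validity exceeds $MAX_CA_DAYS days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert meets policy"
    return "$rc"
}

# Demo on a constructed certificate using the page's defaults (2048 bits, 3650 days).
demo=$(mktemp) && make_sample_ca "$demo" 2048 3650 && audit_ca_cert "$demo"
rm -f "$demo"
```

To audit a real certificate, call audit_ca_cert with the path to the PEM file in place of the generated sample.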

Configuring the system
