HP Secure Key Manager User Manual
Page 43
10.
Enter data required by the Sign Certificate Request section of the window.
a.
Select the CA name from the Sign with Certificate Authority drop down box. For example,
SKM Local CA.
b.
Select Server as the Certificate Purpose.
c.
Enter the number of days before the certificate must be renewed based on your site's security
policies. The default value is 3649 or 10 years.
d.
Paste the copied certificate data from step 6 into the Certificate Request box.
11.
Click Sign Request.
12.
Copy the signed certificate data, from
-----BEGIN
to
END…-----
lines. Be careful to exclude
extra carriage returns or spaces after the data. This information will be used in step 16 of this
section.
13.
In the Certificates & CAs menu, click on Certificates.
14.
Click on the certificate name created in steps 3 – 4 of this section. For example,
SKM Server
.
15.
Click Install Certificate.
16.
Paste the signed certificate data from step 12 and click Save. Note that the Certificate status is
now Active.
Enabling SSL on the Key Management System (KMS) Server
The KMS Server provides the interface to the client. Secure Sockets Layer (SSL) must be enabled on
the KMS Server before this interface will operate. After SSL is enabled on the first appliance it will be
automatically enabled on the other cluster members.
To configure and enable SSL, perform the following steps:
1.
Select the Device tab.
2.
In the Device Configuration menu, click KMS Server to display the Key Management Services
Configuration window.
Secure Key Manager
43