Setting up ssl in a cluster, Removing a device from a cluster, 71 removing a device from a cluster – HP Secure Key Manager User Manual

4.

Click Synchronize With and confirm this action. As part of the synchronization, the KMS Server
will create an automatic synchronization backup before installing the new configuration.

CAUTION:

Synchronizing the local device with the cluster overwrites the existing configuration, which
may include keys. You can access overwritten information using the synchronization backup.
If you have any keys that only exist on the local device, you can use the backup and restore
features to copy them to another SKM before synchronizing the local device.

Setting up SSL in a cluster

When using SSL in a cluster, the replication settings must include KMS Server settings and all cluster
members must use a server certificate with the same name, as indicated on the KMS Server Settings
section. The contents of those server certificates, however should be unique.

To configure SSL for a cluster:

1.

Log in to the Management Console as an administrator with Certificate access control.

2.

Navigate to the Create Certificate Request section on the Certificate and CA Configuration page
(Device > Cluster).

3.

Create a certificate request.

4.

Repeat steps 1, 2, and 3 for each device in the cluster. Use the same name for each certificate
request.

5.

Sign all of the certificate requests with the same CA. You can use a local CA on one of your
devices, or another CA within your organization's PKI.

6.

Install each signed certificate on the appropriate device.

7.

Select an SKM with configuration settings that you can push out to other cluster members.

8.

Log in to that device's Management Console as an administrator with KMS Server access control.

9.

Navigate to the KMS Server Settings section on the Key Management Services Configuration
page.

10.

Select Use SSL and set Server Certificate to the newly created certificate.

11.

Navigate to the Cluster Settings section on the Cluster Configuration page.

12.

Click Save and confirm your changes. Once you confirm the settings, they will be replicated to
the other cluster members. No automatic synchronization backup will occur.

Removing a device from a cluster

To remove a device from a cluster:

1.

Log in the Management Console of the device that will be removed from the cluster as an
administrator with Cluster access control.

2.

Navigate to the Cluster Settings section of the Cluster Configuration page (Device > Cluster).

3.

Click Remove From Cluster.

Secure Key Manager

71