3 key management server connections, Key management server requirements, Root and client certificates – HP XP7 Storage User Manual

Page 13: Root certificate on the key management server, Client certificate password

Advertising
background image

3 Key Management Server Connections

You can use an optional key management server with HP XP7 Storage systems. This chapter
provides information on how to set up the key management server.

Key management server requirements

If you are using a key management server, it must meet the following requirements:

Protocol: Key Management Interoperability Protocol 1.0 (KMIP1.0)

Software: SafeNet KeySecure k460 6.4.1 or Thales keyAuthority 4.0.2

Certificates:

Root certificate of the key management server (X.509)

Client certificate in PKCS#12 format

Root and client certificates

Root and client certificates are required to connect to KMIP servers and to ensure that the network
access is good. You upload the certificates to the SVP.

To access the key management server, the client certificate must be current and not have expired.

For more information about the client certificate password in PKCS#12 format:

Contact the key management server administrator.

See

“Client certificate password” (page 13)

.

To get copies of the root and client certificates, contact the key management server administrator.

For more information about uploading the client certificates, see

“Converting the client certificate

to the PKCS#12 format” (page 15)

.

Root certificate on the key management server

If you use SafeNet KeySecure or Thales keyAuthority on the key management server, create and
put the root certificate on the server.

For more information about SafeNet KeySecure, see the SafeNet KeySecure k460 6.1.0
documentation. For more information about Thales keyAuthority, see the Thales keyAuthority
documentation.

The root certificate of the key management server must be in X.509 format.

Client certificate password

The password is a string of characters that can be zero up to 128 characters in length. Valid
characters are:

Numbers (0 to 9)

Upper case (A-Z)

Lower case (a-z)

Symbols: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

For more information about converting the client certificate to PKCS#12 format, see

“Converting

the client certificate to the PKCS#12 format” (page 15)

.

For more information about client certificates, see

“Root and client certificates” (page 13)

.

Key management server requirements

13

Advertising
This manual is related to the following products:

XP Racks

Popular Brands
Popular manuals