Setting up the local certificate authority (ca), Creating the skm server certificate – HP Secure Key Manager User Manual

Where

•

<appliance hostname> is the hostname or IP address you provided in

Starting the SKM

appliance

, step 4.

•

<appliance port number> is 9443 by default. If you changed the port number in

Starting the

SKM appliance

, step 4, use that number instead.

Setting up the local Certificate Authority (CA)

To create and install local CAs, perform the following steps:

1.

Logon to the SKM management web console using the admin password you supplied in

Starting

the SKM appliance

.

2.

Select the Security tab.

3.

In Certificates & CAs, click Local CAs.

4.

Enter information required by the Create Local Certificate Authority section of the window to create

your local CA, which will be the root for authentication of the clusters.

a. Enter a Certificate Authority Name and Common Name. These may be the same value, for

example SKM Local CA.

b. Enter your organizational information.
c. Enter the Email Address where you want messages to the Security Officer to go.
d. Enter the Key Size. HP recommends using 2048 for maximum security.
e. Click Self-signed Root CA and enter the CA Certification Duration and Maximum User Certificate

Duration. These values determine when the certificate must be renewed and should be set in

accordance with your company’s security policies. The default value for both is 3650 days or

10 years.

5.

Click Create.

34

Configuring the system