Synchronizing with a cluster member, Setting up ssl in a cluster, Removing a device from a cluster – HP Secure Key Manager User Manual

Page 60: Upgrading a cluster, Deleting a cluster, Date and time procedures, Setting the date and time on the skm


5. Click Join Cluster.

NOTE: After joining the cluster, you will be prompted to synchronize with an existing cluster member. We recommend that you synchronize your device. For more information about this process, please see Synchronizing With a Cluster Member.

6. Delete the cluster key from the local file system on your workstation.

Synchronizing with a cluster member

To synchronize with a cluster member:

1. Log in to the Management Console that will be updated as an administrator with Cluster access control.
2. Navigate to the Cluster Members section of the Cluster Configuration page (Device > Cluster).
3. Select the server from which you will copy configuration settings.
4. Click Synchronize With and confirm this action. As part of the synchronization, the KMS Server will create an automatic synchronization backup before installing the new configuration.

CAUTION: Synchronizing the local device with the cluster overwrites the existing configuration, which may include keys. You can access overwritten information using the synchronization backup. If you have any keys that only exist on the local device, you can use the backup and restore features to copy them to another SKM before synchronizing the local device.

Setting up SSL in a cluster

When using SSL in a cluster, the replication settings must include KMS Server settings, and all cluster members must use a server certificate with the same name, as indicated on the KMS Server Settings section. The contents of those server certificates, however, should be unique.

To configure SSL for a cluster:

1. Log in to the Management Console as an administrator with Certificate access control.
2. Navigate to the Create Certificate Request section on the Certificate and CA Configuration page (Device > Cluster).
3. Create a certificate request.
4. Repeat steps 1, 2, and 3 for each device in the cluster. Use the same name for each certificate request.
5. Sign all of the certificate requests with the same CA. You can use a local CA on one of your devices, or another CA within your organization’s PKI.
6. Install each signed certificate on the appropriate device.
7. Select an SKM with configuration settings that you can push out to other cluster members.
8. Log in to that device’s Management Console as an administrator with KMS Server access control.
9. Navigate to the KMS Server Settings section on the Key Management Services Configuration page.
10. Select Use SSL and set Server Certificate to the newly created certificate.
11. Navigate to the Cluster Settings section on the Cluster Configuration page.
12. Click Save and confirm your changes. Once you confirm the settings, they will be replicated to the other cluster members. No automatic synchronization backup will occur.
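The three conditions this section places on the cluster's server certificates (same name on every member, same signing CA, unique contents) can be checked before the settings are saved and replicated in step 12. The script below is an added example, not part of the HP manual or the SKM software; it assumes you have recorded each member's certificate name, issuer and SHA-256 fingerprint yourself, and `MemberCert`, `check_cluster_certs` and all sample values are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MemberCert:
    device: str     # cluster member the certificate is installed on
    cert_name: str  # certificate name as shown on that device
    issuer: str     # issuer DN of the signed certificate
    sha256: str     # SHA-256 fingerprint of the certificate


def _norm_fp(fp):
    """Compare fingerprints regardless of colons, spaces or case."""
    return fp.replace(":", "").replace(" ", "").lower()


def check_cluster_certs(expected_name, members):
    """Return findings; an empty list means all three conditions hold."""
    findings = []
    # Same name on every member (exact, case-sensitive match is assumed).
    for m in members:
        if m.cert_name != expected_name:
            findings.append(f"{m.device}: name {m.cert_name!r}, expected {expected_name!r}")
    # Same CA: every certificate should carry one and the same issuer.
    by_issuer = defaultdict(list)
    for m in members:
        by_issuer[m.issuer.strip()].append(m.device)
    if len(by_issuer) > 1:
        for issuer, devices in sorted(by_issuer.items()):
            findings.append(f"issuer {issuer!r} on: {', '.join(devices)}")
    # Unique contents: one certificate must not be installed on two members.
    by_fp = defaultdict(list)
    for m in members:
        by_fp[_norm_fp(m.sha256)].append(m.device)
    for devices in by_fp.values():
        if len(devices) > 1:
            findings.append(f"same certificate installed on {', '.join(devices)}")
    return findings


# Constructed inventory: hostnames, DNs and fingerprints are placeholders.
SAMPLE = [
    MemberCert("skm1.example", "cluster-ssl", "CN=Example Local CA", "AA:" * 31 + "AA"),
    MemberCert("skm2.example", "cluster-ssl", "CN=Other CA", "bb" * 32),
    MemberCert("skm3.example", "Cluster-SSL", "CN=Example Local CA", "aa" * 32),
]

if __name__ == "__main__":
    for line in check_cluster_certs("cluster-ssl", SAMPLE):
        print(line)
```

An empty result means the inventory satisfies all three conditions; any finding should be resolved before clicking Save, because the replicated settings refer to the server certificate by name.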


Performing configuration and operation tasks
