beautypg.com

3 key management server connections, Key management server requirements, Root and client certificates – HP StorageWorks XP Data Integrity Check XP Software User Manual

Page 12: Root certificate on the key management server, Client certificate password

background image

3 Key Management Server Connections

You can use an optional key management server with P9500 storage systems. This chapter provides
information on how to set up the key management server.

Key management server requirements

If you are using a key management server, it must meet the following requirements:

Protocol: Key Management Interoperability Protocol 1.0 (KMIP1.0)

Software: SafeNet KeySecure k460 6.1.0

Certificates:

Root certificate of the key management server (X.509)

Client certificate in PKCS#12 format

Root and client certificates

Root and client certificates are required to connect to KMIP servers and to ensure that the network
access is good. You upload the certificates to the P9500 storage system.

To access the key management server, the client certificate must be current and not have expired.

For more information about the client certificate password in PKCS#12 format:

Contact the key management server administrator.

See

“Client certificate password” (page 12)

.

To get copies of the root and client certificates, contact the key management server administrator.

For more information about uploading the client certificates, see

“Converting the client certificate

to the PKCS#12 format” (page 14)

.

Root certificate on the key management server

If you use SafeNet KeySecure on the key management server, create and put the root certificate
on the server.

For more information about SafeNet KeySecure, see the SafeNet KeySecure k460 6.1.0
documentation.

The root certificate of the key management server must be in X.509 format.

Client certificate password

The password is a string of characters that can be zero up to 128 characters in length. Valid
characters are:

Numbers (0 to 9)

Upper case (A-Z)

Lower case (a-z)

Symbols: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

For more information about converting the client certificate to PKCS#12 format, see

“Converting

the client certificate to the PKCS#12 format” (page 14)

.

For more information about client certificates, see

“Root and client certificates” (page 12)

.

12

Key Management Server Connections

This manual is related to the following products: