Managing available key managers and CA certificates

You can modify the key managers and key manager CA certificates that Cloud Manager users can use with their ONTAP Cloud systems. For example, you can add a new key manager that is available in your environment, and you can add a new CA certificate if a previous certificate expired.

About this task

The changes that you make from the Encryption Setup page affect only new ONTAP Cloud systems. Changes to existing ONTAP Cloud systems must be made from the working environment.

Steps

  1. In the upper-right corner of the Cloud Manager console, click the task drop-down list, and then click Encryption Setup.
  2. Click Key Manager.
  3. Manage your key managers as necessary:
    To change the KMIP port for communicating with key managers:
      Modify the port and then click Save.

      The port change affects only new ONTAP Cloud systems. To change the port for an existing ONTAP Cloud system, connect to the CLI and then run the security key-manager setup command.

    To add a new key manager:
      Click Add, enter details about the key manager, and then click Add again.

      This action does not add the key manager to existing ONTAP Cloud systems. You must add the key manager from the working environment, if necessary.

    To edit the details for a key manager:
      Select the menu icon next to the key manager, click Edit, modify the details, and then click Save.

      Any changes affect only new ONTAP Cloud systems that will use this key manager. To apply this change to existing ONTAP Cloud systems, go to the working environment, remove the key manager, and then add it back.

    To delete an existing key manager:
      Select the menu icon next to the key manager, click Delete, and then click Delete again.

      If you delete a key manager, you cannot configure ONTAP Cloud systems to use it. Existing systems that are using this key manager can continue to use it.

  4. Manage the key managers' CA certificates as necessary:
    To add a new certificate:
      Click Add, paste the certificate, and then click Add again.

    To view a certificate:
      Select the menu icon next to the key manager and click View.

    To delete a certificate:
      Select the menu icon next to the certificate, click Delete, and then click Delete again.

      If you delete a certificate, you cannot configure ONTAP Cloud systems to use it. Existing systems that are using the certificate can continue to use it.
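
Before pasting a replacement CA certificate in step 4, you can confirm offline that the file parses as a PEM X.509 certificate, is marked as a CA, and is not itself close to expiry. The script below is an added example, not part of Cloud Manager or ONTAP; the function names, return codes, and the 30-day default threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a key manager CA certificate file.
# Function names, return codes and the default threshold are assumptions.

# check_ca_cert FILE [MIN_DAYS]
#   0 = usable, 1 = not a parseable PEM certificate,
#   2 = not a CA certificate, 3 = expired or expiring within MIN_DAYS
check_ca_cert() {
    local pem="$1"
    local min_days="${2:-30}"
    local text

    # The file must decode as a PEM-encoded X.509 certificate.
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || return 1

    # A trust anchor must carry basicConstraints CA:TRUE; a server (leaf)
    # certificate pasted by mistake is caught here.
    case "$text" in
        *CA:TRUE*) ;;
        *) return 2 ;;
    esac

    # -checkend takes seconds and fails if the certificate expires within that window.
    openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 3

    return 0
}

# summarize_ca_cert FILE
#   Prints subject, expiry date and SHA-256 fingerprint for the change record.
summarize_ca_cert() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# Stand-alone use: ./check_ca.sh new-ca.pem [min_days]
if [ "$#" -gt 0 ]; then
    check_ca_cert "$@" && summarize_ca_cert "$1"
fi
```

A non-zero exit status identifies which check failed, so the script can gate a change ticket before the certificate is added.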