Adding key managers and CA certificates to Cloud Manager

Cloud Manager needs information about your key managers and CA certificates so users can select them for use with ONTAP Cloud systems.


  1. In the Encryption Setup page, click Key Manager.
  2. If your key managers use a KMIP port other than 5696, change the port and then click Save.
    Cloud Manager configures ONTAP Cloud systems to connect to key managers using this port.
  3. In the Key Managers table, click Add.
  4. In the Add Key Manager dialog box, enter details about the key manager, and then click Add:
    In this field... Do this...
    Key Manager Name Enter a unique name to distinguish the key manager.
    IP Address Enter the IP address of the key manager.
    User Name for Client Certificate Authentication If the key manager is enabled for client certificate authentication by having the key manager verify a user name from client certificates, specify the field and user name:
    • Select the field in which the key manager should look for a user name.
    • Enter a user name that is defined in the key manager.

    Cloud Manager generates ONTAP Cloud client certificates with the value defined in the user name field.

  5. In the Key Managers' CA Certificates table, click Add.
  6. Paste the certificate of the certificate authority (CA) that signed the key manager's server certificate and then click Add.
  7. Repeat the steps for any additional key managers and their CA certificates.


Cloud Manager is now set up to create ONTAP Cloud systems with encryption enabled.