Installing a CA-signed client certificate for the KMIP server

The certificate subtype of Key Management Interoperability Protocol (KMIP) (the -subtype kmip-cert parameter), along with the client and server-ca types, specifies that the certificate is used for mutually authenticating the cluster and an external key manager, such as a KMIP server.

About this task

Install a KMIP certificate to authenticate a KMIP server as an SSL server to the cluster.

Steps

  1. Use the security certificate install command with the -type server-ca and -subtype kmip-cert parameters to install a KMIP certificate for the KMIP server.
  2. When you are prompted, enter the certificate, and then press Enter.
    ONTAP reminds you to keep a copy of the certificate for future reference.
    Example
    cluster1::> security certificate install -type server-ca -subtype kmip-cert 
    -vserver cluster1
    
    Please enter Certificate: Press <Enter> when done
    -----BEGIN CERTIFICATE-----                       
    MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
    2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
    2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
    ...
    -----END CERTIFICATE-----
    
    
    You should keep a copy of the CA-signed digital certificate for future reference.
    
    cluster1::>