Installing SSL certificates on the cluster

The cluster and KMIP server use KMIP SSL certificates to verify each other's identity and establish an SSL connection. Before configuring the SSL connection with the KMIP server, you must install the KMIP client SSL certificates for the cluster, and the SSL public certificate for the root certificate authority (CA) of the KMIP server.

Before you begin

Note: You can install the client and server certificates on the KMIP server before or after installing the certificates on the cluster.

About this task

In an HA pair, both nodes must use the same public and private KMIP SSL certificates. If you connect multiple HA pairs to the same KMIP server, all nodes in the HA pairs must use the same public and private KMIP SSL certificates.

Steps

  1. Install the SSL KMIP client certificates for the cluster: security certificate install -vserver admin_svm_name -type client -subtype kmip-cert
    You are prompted to enter the SSL KMIP public and private certificates.
    Example
    cluster1::> security certificate install -vserver cluster1 -type client -subtype kmip-cert
  2. Install the SSL public certificate for the root certificate authority (CA) of the KMIP server: security certificate install -vserver admin_svm_name -type server-ca -subtype kmip-cert
    Example
    cluster1::> security certificate install -vserver cluster1 -type server-ca -subtype kmip-cert