How do I know what certificates need to be uploaded to System Manager?

For external key management, you import two types of certificates for authentication between the storage array and the key management server so the two entities can trust each other.

A client certificate validates the storage array's controllers, so the key management server can trust their IP addresses. To obtain a client certificate, you must complete a CSR for the storage array and then upload it to the key management server. From the server, generate a client certificate, and then use System Manager to import it.

A key management server certificate validates the key management server, so the storage array can trust its IP address. To obtain a key management server certificate, you must generate it from the key management server.