Step 1: Complete and submit CSR for authentication with a key management server

You must first generate a certificate signing request (CSR) file, and then use the CSR to request a signed client certificate from a certificate authority (CA) that is trusted by the key management server. You can also create and download a client certificate from the key management server using the downloaded CSR file.

Before you begin

About this task

This task describes how to generate the CSR file, which you will then use to request a signed client certificate from a CA that is trusted by the key management server. A client certificate validates the storage array's controllers, so the key management server can trust their Key Management Interoperability Protocol (KMIP) requests. During this task, you must provide information about your organization.

Procedure

  1. Select Settings > Certificates.
  2. From the Key Management tab, select Complete CSR.
  3. Enter the following information:
    • Common name – A name that identifies this CSR, such as the storage array name, which will be displayed in the certificate files.
    • Organization – The full, legal name of your company or organization. Include suffixes, such as Inc. or Corp.
    • Organizational unit (optional) – The division of your organization that is handling the certificate.
    • City/Locality – The city or locality where your organization is located.
    • State/Region (optional) – The state or region where your organization is located.
    • Country ISO code – The two-digit ISO (International Organization for Standardization) code, such as US, where your organization is located.
  4. Click Download.
    A CSR file is saved to your local system.
  5. Request a signed client certificate from a CA that is trusted by the key management server.

After you finish

When you have a client certificate, go to Step 2: Import certificates for the key management server.