Import key management server certificates
For external key management, you import certificates for authentication between the storage array and the key management server so the two entities can trust each other. There are two types of certificates: the client certificate validates the controllers, while the key management server certificate validates the server.
-
You must be logged in with a user profile that includes Security admin permissions. Otherwise, certificate functions do not appear.
-
A client certificate is available for the storage array.
A client certificate validates the storage array's controllers, so the key management server can trust their IP addresses. To obtain a client certificate, you must complete a CSR for the storage array and then upload it to the key management server. From the server, generate a client certificate.
-
The key management server certificate is available.
A key management server certificate validates the server, so the storage array can trust its IP address. To obtain a key management server certificate, you must generate it from the key management server.
This task describes how to upload certificate files for authentication between the storage array controllers and the key management server.
-
Select
. -
From the Key Management tab, select Import.
A dialog box opens for importing the certificate files.
-
Click the Browse buttons to select the files.
The file names display in the dialog box.
-
Click Import.
The file(s) are uploaded and validated.