Install SSL certificates on the cluster
The cluster and KMIP server use KMIP SSL certificates to verify each other's identity and establish an SSL connection. Before configuring the SSL connection with the KMIP server, you must install the KMIP client SSL certificates for the cluster, and the SSL public certificate for the root certificate authority (CA) of the KMIP server.
In an HA pair, both nodes must use the same public and private KMIP SSL certificates. If you connect multiple HA pairs to the same KMIP server, all nodes in the HA pairs must use the same public and private KMIP SSL certificates.
-
The time must be synchronized on the server creating the certificates, the KMIP server, and the cluster.
-
You must have obtained the public SSL KMIP client certificate for the cluster.
-
You must have obtained the private key associated with the SSL KMIP client certificate for the cluster.
-
The SSL KMIP client certificate must not be password-protected.
-
You must have obtained the SSL public certificate for the root certificate authority (CA) of the KMIP server.
-
In a MetroCluster environment, you must install the same KMIP SSL certificates on both clusters.
You can install the client and server certificates on the KMIP server before or after installing the certificates on the cluster. |
-
Install the SSL KMIP client certificates for the cluster:
security certificate install -vserver admin_svm_name -type client
You are prompted to enter the SSL KMIP public and private certificates.
cluster1::> security certificate install -vserver cluster1 -type client
-
Install the SSL public certificate for the root certificate authority (CA) of the KMIP server:
security certificate install -vserver admin_svm_name -type server-ca
cluster1::> security certificate install -vserver cluster1 -type server-ca