Install a CA-signed client certificate for the KMIP server
Contributors
Suggest changes
PDFs
The certificate subtype of Key Management Interoperability Protocol (KMIP) (the -subtype kmip-cert parameter), along with the client and server-ca types, specifies that the certificate is used for mutually authenticating the cluster and an external key manager, such as a KMIP server.
About this task
Install a KMIP certificate to authenticate a KMIP server as an SSL server to the cluster.
Steps
-
Use the
security certificate installcommand with the-type server-caand-subtype kmip-certparameters to install a KMIP certificate for the KMIP server. -
When you are prompted, enter the certificate, and then press Enter.
ONTAP reminds you to keep a copy of the certificate for future reference.
cluster1::> security certificate install -type server-ca -subtype kmip-cert -vserver cluster1 Please enter Certificate: Press <Enter> when done -----BEGIN CERTIFICATE----- MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG 2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ ... -----END CERTIFICATE----- You should keep a copy of the CA-signed digital certificate for future reference. cluster1::>