Skip to main content

Use CA-signed certificates for authentication with a key management server

For secure communications between a key management server and the storage array controllers, you must configure the appropriate sets of certificates.

Before you begin

  • You must be logged in with a user profile that includes Security admin permissions. Otherwise, certificate functions do not appear.

About this task

Authenticating between the controllers and a key management server is a two-step procedure.

  1. Step 1: Complete and submit CSR for authentication with a key management server
    You must first generate a certificate signing request (CSR) file, and then use the CSR to request a signed client certificate from a certificate authority (CA) that is trusted by the key management server. You can also create and download a client certificate from the key management server using the downloaded CSR file.
  2. Step 2: Import certificates for the key management server
    As the next step, you import certificates for authentication between the storage array and the key management server. There are two types of certificates: the client certificate validates the storage array's controllers, while the key management server certificate validates the server.