HP Enterprise Secure Key Manager manual Entering the Kmip client credentials

Page 18

Entering the KMIP client credentials

In the RMI Configuration: Security page, enter the KMIP Client User Name and KMIP Client Password that the autoloader or library will use to log in to the key server, and then click Submit.

NOTE: This client user name and password must match the username and password on the KMIP server for this library.

Generating the client certificate request

In the KMIP Certificate Import section of the Configuration: Security page click Generate Certificate Request. The KMIP Client User Name will be used as the certificate name for the certificate request.

After generating the client certificate, follow the instructions in the server vendor’s documentation to sign the certificate.

NOTE: If you plan to disable the use the Disable Non-FIPS Algorithms and Key Sizes ESKM feature verify that the autoloader or library is using a firmware version that generates 2048-bit certificates. Earlier firmware versions generated 1028-bit certificates, which are not FIPS compliant. The earliest firmware versions that generate 2048-bit certificates are:

1/8 G2 autoloader: 4.30

MSL2024: 6.20

MSL4048: 8.70

MSL8048 and MSL8096: 1130

18 KMIP-based key server integration

Image 18
Contents Abstract Warranty Contents Using an encryption key server IntroductionHP Enterprise Secure Key Manager Eskm Licensing Considerations for using an encryption key serverMedia compatibility for drives supporting encryption KMIP-based key serversInstalling the encryption license MSL6480Using the Eskm Wizard HP Enterprise Secure Key Manager Eskm integrationHP Enterprise Secure Key Manager Eskm integration Page HP Enterprise Secure Key Manager Eskm integration Page Creating the client user name and password on the server KMIP-based key server integrationConfiguring the Kmip feature for the MSL6480 Using the Kmip Wizard Configuring the Kmip feature for the MSL6480 KMIP-based key server integration Set or enter the Kmip security password Enrolling the autoloader or library with a Kmip serverEntering the Kmip client credentials Generating the client certificate requestInstalling the signed client certificate Signing the client certificate on the server---END Certificate Configuring access to the key servers Enabling KMIP-based encryptionKMIP-based key server integration Connectivity test MSL6480Autoloader and other MSL libraries Basic encryption test Failover testPage Support and other resources Contacting HPTypographic conventions Documentation feedback