Workflow for editing encryption environmental settings
To use a key management server, you must configure the connection and network settings. You can also set the encryption settings such as disabling the local key generations and storing key encryption key to DKC.
For more information about the appropriate connection settings, contact the key management server administrator. For more information about the network settings, contact your network administrator.
Encryption keys backed up on the key
management server are managed with the client certificate. If the client
certificate is lost, and the SVP is replaced due to a failure, you cannot
restore the encryption keys that were backed up before the replacement.
When the connection settings are backed up to the key management server, the system does not back up the client certificate. Make sure that you back up a copy of the connection settings to the key management server and save a copy of the client certificate separately. Refer to your corporate security policy for procedures related to backups.
Ensure the client and root certificates are uploaded to the key management server. If the certificates are not uploaded:
Contact the key management server administrator.
See Converting the client certificate to the PKCS#12 format and Uploading the root and client certificate.
Configure the connection settings to the key management server.
For details, see Configuring the connection settings to the key management server.
Confirm that you can connect to the key management server.
Check with the key management server administrator, then save a back up copy of the client certificate.
Back up the connection settings to the key management server.
For instructions, see the System Administrator Guide for your storage system.