Managing the External Key Service

After the external key service is configured, you can select an external key management server to manage keys when creating an encrypted storage pool or enabling data encryption for an account.

Prerequisite

The advanced-edition license has been imported.

Procedure

  1. Choose Settings > External Key Service.
  2. Click Edit.

    If an external key management server has been configured, you can click Modify to modify its settings.

    To modify a configured external key management server, delete it and then add a new one.

  3. Click Import. The Import and Activate page is displayed. Set Certificate File, CA Certificate File, and Private Key File of the external key service and click OK.

    If the external key service certificates have been imported, click Re-import to update the certificates.

  4. Select the type of the external key management server and enter its IP address and port number.

    • Click to configure a second external key management server. The two servers back up each other.
    • Click to remove an external key management server. When modifying or removing an external key management server, either ensure that the IP address of the other server is connected, or modify or remove the server whose IP address is disconnected.

  5. Click Test to check whether the external key management server is configured successfully.
  6. Click Save.
  7. (Optional) To delete a configured server, click Initialize Server and confirm the operation as prompted.

    Before initializing a server, ensure that every encrypted storage pool or encrypted account that uses the external key service has been deleted and that the configured external key management servers are connected. If either server is disconnected, remove it and try again.
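
A pre-import check for the three files requested in step 3, added here as an example and not part of the original documentation: it confirms that the private key matches the certificate, that the certificate verifies against the CA certificate file, and that the certificate is not close to expiry. The function names, return codes, file names and the 30-day threshold are assumptions, and the sample bundle is constructed for the demonstration.

```shell
#!/bin/sh
# check_kms_bundle CERT CA_CERT PRIVATE_KEY [MIN_DAYS]   (hypothetical helper)
# Returns 0 = files are consistent,
#         1 = private key does not match the certificate,
#         2 = certificate does not verify against the CA certificate file,
#         3 = certificate expires within MIN_DAYS (assumed default: 30).
check_kms_bundle() {
    cert=$1 ca=$2 key=$3 min_days=${4:-30}

    # 1. Compare the public key in the certificate with the one derived from
    #    the private key. An empty passphrase is supplied, so an encrypted key
    #    fails this step instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1

    # 2. Verify the certificate against the supplied CA certificate file.
    #    openssl may also consult the system trust directory; on OpenSSL 1.1.0+
    #    add -no-CApath to trust only the supplied file.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' || return 2

    # 3. Reject a certificate that expires within the next min_days days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# Constructed sample input: a throwaway CA, a certificate it issues (valid for
# 365 days), the matching private key, and an unrelated key (other.key).
make_sample_bundle() {  # $1 = existing output directory
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Sample KMS CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-storage-system" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/client.pem" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
}
```

Run `check_kms_bundle` against the real certificate, CA certificate and private key files before uploading them; any non-zero return code identifies which of the three checks failed.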