If you are running KMIP Key Manager, Transport Layer Security (TLS) communication certificates with valid dates must be installed on the library in order for the library to communicate securely with attached EKM servers.
It is assumed you understand the concepts of PKI and have access to the tools or third-party resources needed to generate or obtain certificates from your KMIP server vendor.
| Screen Element | Description |
|---|---|
| Root certificate file | Root Certificate (also called the CA certificate, or Certificate Authority Certificate) |
| Client certificate file | Client certificate file in pkcs12 (.p12) format, containing a separate certificate and private key. |
| Client certificate password | The password used to access the client certificate file. |
 |
Click this button to accept changes. |
 |
Click this button to cancel the changes. |
The user may install their own SSL communication certificate for https access to the remote gui. The user may use their installed certificate by setting the type to "User Defined". If the certificate type is set to "System", the library will use the self-signed certificate generated at initial install.
| Screen Element | Description |
|---|---|
| Current Certificate Type | This field indicates which type certificate is being used by the library for https communication. |
| Certificate Type | This is a list of certificate types that are valid for https communication. System: Enables the original self-signed certificate. User Defined: Enables the customer uploaded certificate. |
| Certificate file | User provided pem certificate file to be used for https communication. |
| Set Type Button | Click this button to set the communication certificate type for the library.
NOTE: The library must be restarted after changing the certificate type in order for the web server to pick up the communication certificate change. |
| Upload Certificate Button | Click this button to upload a pem certificate file for https communication. |
|
Click this button to cancel the changes. |