Fabric OS Encryption Administrator's Guide

Fabric OS Encryption Administrator’s Guide 125
53-1002159-03
Steps for connecting to an SKM or ESKM appliance
3
4. Copy the certificate request, beginning with ---BEGIN CERTIFICATE REQUEST--- and ending
with
---END CERTIFICATE REQUEST---. Be careful not to include any extra characters.
Adding SKM or ESKM appliances to the cluster
If you are adding an appliance to an existing cluster, select Cluster Settings, click Download Cluster
Key, and save the key to a convenient location, such as your computer's desktop.
To add SKM/ESKM appliances to the cluster you are creating, you will need the original cluster
member’s local IP address, local port number, and the location of the cluster key you downloaded,
as specified in “Creating an SKM or ESKM high availability cluster” on page 124.
Perform the following steps on each SKM/ESKM appliance you want to add to the cluster.
1. Open a new browser window, keeping the browser window from Copying the Local CA
certificate open.
2. In the new browser window, log into the management console of the SKM/ESKM appliance
that is being added to the cluster and click the Security tab.
3. In the Certificates & CAs menu, click Known CAs.
Enter information required in the Install CA Certificate section near the bottom of the page.
- Type the Certificate Name of the certificate being transferred from the first cluster
member.
- Paste the copied certificate data into the Certificate box.
4. Click Install.
5. In the Certificates & CA menu, click Trusted CA Lists.
6. Click on the Default Profile Name.
7. Cl ic k Edit.
8. Select the name of the CA from the list of Available CAs in the right panel.
9. Click Add.
10. Click Save.
11. Select the Device tab.
12. In the Device Configuration menu, click on Cluster.
13. Click on Join Cluster. In the Join Cluster section of the window, leave Local IP and Local Port set
to their defaults.
14. Type the original cluster member’s local IP address into Cluster Member IP.
15. Type the original cluster member’s local Port into Cluster Member Port.
16. Click Browse and select the Cluster Key File you saved.
17. Type the cluster password into Cluster Password.
18. Click Join.
19. After adding all members to the cluster, delete the cluster key file from the desktop.
20. Create and install an SKM/ESKM certificate. Refer to “Creating and installing the SKM or
ESKM server certificate” on page 122 for a description of this procedure.