HP XP7 DKA Encryption User Guide (TK901-96001)

3 Key Management Server Connections
You can use an optional key management server with HP XP7 Storage systems. This chapter
provides information on how to set up the key management server.
Key management server requirements
If you are using a key management server, it must meet the following requirements:
• Protocol: Key Management Interoperability Protocol 1.0 (KMIP 1.0)
• Software: SafeNet KeySecure k460 6.4.1 or Thales keyAuthority 4.0.2
• Certificates:
  • Root certificate of the key management server (X.509)
  • Client certificate in PKCS#12 format
Root and client certificates
Root and client certificates are required to connect to KMIP servers and to ensure that the network
access is good. You upload the certificates to the SVP.
To access the key management server, the client certificate must be current and not have expired.
For more information about the client certificate password in PKCS#12 format:
• Contact the key management server administrator.
• See “Client certificate password” (page 13).
To get copies of the root and client certificates, contact the key management server administrator.
For more information about uploading the client certificates, see “Converting the client certificate
to the PKCS#12 format” (page 15).
Root certificate on the key management server
If you use SafeNet KeySecure or Thales keyAuthority on the key management server, create and
put the root certificate on the server.
For more information about SafeNet KeySecure, see the SafeNet KeySecure k460 6.1.0
documentation. For more information about Thales keyAuthority, see the Thales keyAuthority
documentation.
The root certificate of the key management server must be in X.509 format.
Client certificate password
The password is a string of 0 to 128 characters. Valid characters are:
• Numbers (0 to 9)
• Upper case (A-Z)
• Lower case (a-z)
• Symbols: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
For more information about converting the client certificate to PKCS#12 format, see “Converting
the client certificate to the PKCS#12 format” (page 15).
For more information about client certificates, see “Root and client certificates” (page 13).
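The following pre-upload check is an added example, not part of the HP guide. It tests the three conditions stated in this chapter (X.509 root certificate, PKCS#12 client certificate that opens with the password and has not expired, password within the allowed length and character set). The function names are hypothetical and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-upload checks for the certificates described above.
# Function names are hypothetical; only standard openssl subcommands are used.

# Password rule from the guide: 0 to 128 characters drawn from digits,
# letters and the listed symbols. That set is exactly printable ASCII
# 0x21-0x7E without the double quote (0x22), so deleting '!' and '#'..'~'
# must leave nothing behind (spaces, quotes and non-ASCII bytes remain).
valid_p12_password() {
    [ "${#1}" -le 128 ] || return 1
    left=$(printf '%s' "$1" | LC_ALL=C tr -d '!#-~' | wc -c)
    [ "$((left))" -eq 0 ]
}

# The root certificate must be X.509: accept PEM or DER encoding.
root_cert_is_x509() {
    openssl x509 -in "$1" -noout 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -noout 2>/dev/null
}

# The PKCS#12 file must open with the password and its client certificate
# must stay valid for at least $3 more seconds (default 0 = not expired).
# The password is passed through the environment rather than argv so that
# it does not appear in process listings.
p12_client_cert_current() {
    P12_PASS=$2 openssl pkcs12 -in "$1" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend "${3:-0}" >/dev/null 2>&1
}

# Run all three checks: preflight ROOT_CERT CLIENT_P12 PASSWORD
preflight() {
    rc=0
    valid_p12_password "$3" || { echo "password: length or character not allowed"; rc=1; }
    root_cert_is_x509 "$1" || { echo "root certificate: not X.509"; rc=1; }
    p12_client_cert_current "$2" "$3" || { echo "client certificate: wrong password or expired"; rc=1; }
    return "$rc"
}
```

Passing a third argument to p12_client_cert_current, for example 2592000 for 30 days, flags a client certificate that is still current but close to expiry.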