Nonstop Volume Level Encryption Guide
a. Create the cluster
b. Download the cluster key
For all other ESKM nodes, perform these tasks:
1. Start the appliance
2. Configure the appliance
3. Add additional ESKM appliances to the cluster
4. Create and install the ESKM Server Certificate
For one node, create the NSSuser (NonStop setup user) login with “User Administration Permission”
and “Change Password Permission” selected.
For all nodes, back up the configuration. See the Enterprise Secure Key Manager Users Guide for
details.
7. Perform pre-enrollment tasks
Before you can enroll the CLIMs as ESKM clients, you need to perform these pre-enrollment tasks:
□ “A. Create server certificates NSVLEServerCertificate” (page 18)
□ “B. Sign the server certificate request NSVLEServerCertificate with the local CA NSVLECA”
(page 20)
□ “C. Set FIPS compliant mode” (page 24)
□ “D. Set KMS server settings” (page 25)
□ “E. Set KMS server authentication settings” (page 26)
□ “F. Create the NSSuser local user, if you have not created one, and set security” (page 27)
□ “G. Create client certificate request for the NSSuser local user” (page 28)
□ “H. Add local CA NSVLECA, other local CAs and known CAs to the key manager's trusted
CA list ” (page 40)
□ “I. Verify connection between the NonStop system and the Key Manager” (page 42)
After you have performed these tasks, go on to “8. Register the CLIMs” (page 42).
A. Create server certificates NSVLEServerCertificate
Perform this step for each Key Manager.
a. Log on to the Secure Key Manager GUI as admin. Login name is case sensitive.
b. On the Security tab, select Certificates.
c. Fill in information to create a certificate:
18 Installation