ECS: How to add external key management servers for key management


Article Number: 539744    Article Version: 2    Article Type: How To




ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption





When adding a new external key server, the value entered in the Server Host Name field must match a SAN name in the SSL certificate returned when querying the hostname/IP of the EKM server.

  1. Collect the needed Subject Alternative Name (SAN) from the SSL certificate provided by the EKM address being used.
    admin@node1:~> sudo openssl s_client -connect <External Key Server Address>:5696 < /dev/null | openssl x509 -noout -text | grep DNS:
  2. In the add-server configuration, enter the SAN name collected from step 1 as the Server Host Name.
    Key Management > New External Key Server   
  • If you encounter an error after trying to save the request, confirm the SAN names in the certificate from step 1; an alternate name from that list will need to be used.
    Once you have completed the configuration tasks to add the external key server, the new server is added to the cluster instance, ready for activation.
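
Added example (not part of the original article or any Dell tooling): a shell helper that lists every SAN entry from the certificate the EKM server presents on port 5696 and checks whether an intended Server Host Name is among them before it is entered in the UI. The function names, the sample certificate text and the example.internal names are constructed for illustration; the comparison is an exact, case-insensitive match, which is an assumption since the article does not say how ECS treats wildcard entries.

```shell
# Fetch the certificate text from the EKM server (same command as step 1).
fetch_cert_text() {   # $1 = External Key Server Address
    openssl s_client -connect "$1:5696" < /dev/null 2>/dev/null \
        | openssl x509 -noout -text
}

# Read `openssl x509 -noout -text` output on stdin and print each
# SAN entry (DNS names and IP addresses) on its own line.
san_names() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' \
        | tr ',' '\n' \
        | sed -n -e 's/ *$//' -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# Return 0 if $1 equals one of the SAN entries on stdin.
# Exact, case-insensitive match; wildcard entries are not expanded (assumption).
host_in_san() {
    tr 'A-Z' 'a-z' | grep -Fxq -- "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Check an intended Server Host Name against the live certificate.
# On mismatch, print the SAN list so an alternate can be picked from it.
check_ekm_host() {   # $1 = External Key Server Address, $2 = Server Host Name
    sans=$(fetch_cert_text "$1" | san_names)
    if printf '%s\n' "$sans" | host_in_san "$2"; then
        echo "OK: $2 is in the certificate SAN list"
    else
        echo "MISMATCH: $2 is not in the SAN list; names the certificate offers:"
        printf '%s\n' "$sans" | sed 's/^/  /'
        return 1
    fi
}

# Constructed sample of the relevant part of `openssl x509 -text` output,
# used to exercise the parsing offline.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:ekm01.example.internal, DNS:kmip.example.internal, IP Address:192.0.2.10'
```

Run `check_ekm_host <External Key Server Address> <intended host name>` from the node; a mismatch prints the names to choose from for the Server Host Name field.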