ECS: How to add external key management servers for key management

           

Article Number: 539744
Article Version: 2
Article Type: How To
   

 


Product:

 

ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption

 

Instructions:

 

 

When adding a new external key server, the value entered in the Server Host Name field must match a SAN name provided in the SSL certificate that is returned when querying the hostname/IP of the EKM server.

         
  1. Collect the needed Subject Alternative Name (SAN) from the certificate provided by the EKM address being used.

     Command:
         # sudo openssl s_client -connect <External Key Server Address>:5696 < /dev/null | openssl x509 -noout -text | grep DNS:

     Example:
         admin@node1:~> sudo openssl s_client -connect <External Key Server Address>:5696 < /dev/null | openssl x509 -noout -text | grep DNS:
         DNS:ekm.server.org.local
   
         
  2. In the add-server configuration, enter the SAN address collected in step 1.

     Navigation:
         Key Management > New External Key Server
         [Screenshot]
         
  • If you encounter the following error after trying to save the request, confirm the SAN names in the certificate from step 1; an alternate name from that list will need to be used.

    Example:
        [Screenshot of the error]
   
    Once you have completed the configuration tasks to add the external key server, the new server is added to the cluster instance, ready for activation.
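
The following is an added example, not part of the original article or of ECS tooling: a pre-check that splits the SAN line from step 1 into individual entries and tests whether the name you plan to enter as Server Host Name is one of them. The function names `san_list` and `san_has` and the sample certificate text are constructed for illustration, and the exact, case-insensitive comparison is an assumption; the validation performed by ECS itself may differ.

```shell
#!/bin/sh
# Added example: works on the text printed by `openssl x509 -noout -text`,
# read from stdin. Function names are hypothetical, not ECS commands.

# Print every SAN value (DNS and IP Address entries), one per line, lower-cased.
san_list() {
    grep -E 'DNS:|IP Address:' \
        | tr ',' '\n' \
        | sed -n -e 's/^[[:space:]]*DNS:\(.*\)$/\1/p' \
                 -e 's/^[[:space:]]*IP Address:\(.*\)$/\1/p' \
        | sed 's/[[:space:]]*$//' \
        | tr '[:upper:]' '[:lower:]'
}

# Return 0 if the candidate Server Host Name ($1) is exactly one of the SAN
# entries (case-insensitive), non-zero otherwise.
san_has() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    san_list | grep -Fxq -- "$want"
}

# Constructed sample of the relevant part of the certificate text. A real
# certificate often lists several names on one comma-separated line.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:ekm.server.org.local, DNS:EKM2.server.org.local, IP Address:192.0.2.10'

# Live use, with the same placeholder address as in step 1:
#   openssl s_client -connect <External Key Server Address>:5696 </dev/null 2>/dev/null \
#     | openssl x509 -noout -text | san_list
#
#   openssl s_client -connect <External Key Server Address>:5696 </dev/null 2>/dev/null \
#     | openssl x509 -noout -text | san_has ekm.server.org.local \
#     && echo "name is in the certificate" \
#     || echo "name is NOT in the certificate; pick another entry from san_list"
```

A short name or an address that is not listed in the certificate fails this check, which corresponds to the save error described above; choose another entry from the `san_list` output.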