7/25/2019 8_3_1_keysecure

1/1

1. Export x.x.x.x_CA.pem from Safenet CA2. Generate the private key (client_private.key)3. Generate a certificate signing request (.CSR) file from the private key(client.csr)4. Remove the passphrase from the private key5. Sign the SSL client.csr certificate6. Create the client_private.pem chain file by concatenating client.pem with client_private.key7. Import the Client device Certificate into Safenet (client.pem)8. Verify PEM files with the OPENSSL test9. Import the x.x.x.x_CA.pem into the Netapp with the security certificateinstall -type server-ca -subtype kmip-cert -kmip-server-ip -vserver - then hit enter twice so we see the message You should keep a copy of the private key and the CA-signed digital certificate for future reference. which will return to the cluster shell.10. Import the client_private.pem into the Netapp with the command security certificate install -type client -subtype kmip-cert -vserver 11. Run the security key-manager setup command to configure initial KMIP settings12. Then security key-manager add -address x.x.x.x to add the KMIP server13. security key-manager create-key (Does not rekey disks)14. security key-manager query15. storage encryption disk modify -data-key-id