Displaying key management servers
You can display information about the external key management servers associated with the storage system by using the key_manager show command.
Verifying key management server links
You can use the key_manager status or key_manager query command to verify that all key management servers are successfully linked to the storage system. These commands are useful for verifying proper operation and for troubleshooting.
Adding key management servers
You can use the key_manager add command to link key management servers to the storage system. This allows you to add key management servers for redundancy after initial setup or to replace existing key management servers.
Changing the authentication key
You can change the authentication key at any time by using the key_manager rekey command. You might want to change the authentication key as part of your security protocol or when moving an aggregate to another storage system.
Retrieving authentication keys
You can use the key_manager restore command to retrieve authentication keys from a key management server to a storage system. For example, if you created authentication keys on one node, you can use this command to retrieve the keys for use on the partner node.
SSL issues due to expired certificates
If the SSL certificates used to secure key management communication between the storage system and key management servers expire, the storage system can no longer retrieve authentication keys from the key management server at bootup. This issue can cause data on SEDs to be unavailable. You can prevent this issue by updating all SSL certificates before their individual expiration dates.
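One way to catch certificates before they expire is to check PEM copies of them from an administration host that has OpenSSL installed. The script below is an added example, not part of the product or its documentation. The function names, file arguments, and warning window are assumptions.

```shell
#!/bin/sh
# Added example: flag PEM certificates that expire within a warning window.
# Run on an admin host against copies of the certificates installed on the
# storage system and key management servers (file paths are hypothetical).

# check_cert_expiry DAYS FILE...
# Prints one line per file: OK, EXPIRING, or UNREADABLE.
# Returns 1 if any file is EXPIRING or UNREADABLE, otherwise 0.
check_cert_expiry() {
    days=$1; shift
    window=$((days * 86400))      # openssl -checkend takes seconds
    flagged=0
    for cert in "$@"; do
        # Parse first: -checkend also exits non-zero for a file it cannot
        # read, which would otherwise be reported as "expiring".
        if ! end=$(openssl x509 -noout -enddate -in "$cert" 2>/dev/null); then
            echo "UNREADABLE $cert"
            flagged=1
            continue
        fi
        if openssl x509 -noout -checkend "$window" -in "$cert" >/dev/null 2>&1; then
            echo "OK $cert ${end#notAfter=}"
        else
            echo "EXPIRING $cert ${end#notAfter=}"
            flagged=1
        fi
    done
    return "$flagged"
}

# make_constructed_cert FILE DAYS
# Creates a self-signed sample certificate (constructed data) for trying
# the check without touching real certificates.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-sample" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage: sh check_certs.sh 30 client.pem server_ca.pem
if [ "$#" -ge 2 ]; then
    check_cert_expiry "$@"
fi
```

Scheduling the check and alerting on a non-zero exit status leaves time to renew each certificate before the storage system's next boot depends on it.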