Before obtaining and installing SSL certificates, you must understand which certificates are required and what requirements they must meet.
SSL certificates for Storage Encryption must use the Privacy Enhanced Mail (PEM) Base-64 encoded X.509 format and follow a strict naming convention. The following table describes the required certificate types and naming conventions:
|Certificate for...|Certificate type|Certificate file name|
|---|---|---|
|Key management server|Public|key_management_server_ipaddress_CA.pem|

key_management_server_ipaddress must be identical to the IP address of the key management server that you use to identify it when running the Storage Encryption setup program.
These public and private certificates are required for the storage system and key management servers to establish secure SSL connections with each other and verify each other's identities.
The certificates for the storage system are only used by the storage system's KMIP client.
The private certificate can be passphrase-protected during creation. In this case, the Storage Encryption setup program prompts you to enter the passphrase.
If your key management server does not accept self-signed certificates, you also need to include the necessary certificate authority (CA) public certificate.
In an HA pair, both nodes must use the same public and private certificates.
If you want multiple HA pairs that are connected to the same key management server to have access to each other's keys, all nodes in all HA pairs must use the same public and private certificates.
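
The following pre-flight check is an added example, not part of the original documentation or of any vendor tooling. It tests a key management server certificate file against the naming convention and PEM Base-64 encoding described above, and computes a fingerprint for confirming that nodes hold the same certificate. The function names, the sample IP address 192.0.2.10 and the sample data are assumptions made for illustration; the check is structural only and does not parse X.509 fields or verify a signature chain.

```python
import base64, hashlib, ipaddress, re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(content):
    """Return DER bytes of each CERTIFICATE block; raise ValueError if malformed."""
    text = content.decode("ascii")  # non-text input raises UnicodeDecodeError, a ValueError
    ders = [base64.b64decode("".join(b.split()), validate=True)
            for b in PEM_BLOCK.findall(text)]
    if not ders or any(d[:1] != b"\x30" for d in ders):  # X.509 DER starts with SEQUENCE
        raise ValueError("no well-formed CERTIFICATE block")
    return ders

def check_kms_ca_cert(filename, content, kms_ip):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    m = re.fullmatch(r"(.+)_CA\.pem", filename)
    if not m:
        problems.append("name is not <ipaddress>_CA.pem")
    else:
        try:
            ipaddress.ip_address(m.group(1))
        except ValueError:
            problems.append("name prefix is not an IP address")
        if m.group(1) != kms_ip:  # must be identical to the IP given to setup
            problems.append("name prefix differs from the setup IP")
    if b"PRIVATE KEY" in content:
        problems.append("file contains a private key, expected a public certificate")
    try:
        pem_to_der(content)
    except ValueError:
        problems.append("content is not PEM Base-64 encoded")
    return problems

def fingerprint(content):
    """SHA-256 of the first certificate's DER, for comparing copies across nodes."""
    return hashlib.sha256(pem_to_der(content)[0]).hexdigest()

# Constructed placeholder (a minimal DER SEQUENCE), not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_kms_ca_cert("192.0.2.10_CA.pem", SAMPLE_PEM, "192.0.2.10"))
    print(check_kms_ca_cert("kms01_CA.pem", SAMPLE_DER, "192.0.2.10"))
```

Because the fingerprint is taken over the decoded certificate rather than the file bytes, two copies that differ only in line endings or wrapping still compare equal.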