Table of ContentsView in Frames

Adding key management servers

You can use the key_manager add command to link key management servers to the storage system. This enables you to add additional key management servers for redundancy after initial setup or to replace existing key management servers.

Before you begin

You must first install the required storage system and key management server SSL certificates. If they are not present, the command fails.

You must know the IP address for each key management server you want to link.

Steps

  1. Access the nodeshell by entering the following command: system node run -node node_name
  2. To add a key management server, enter the following command: key_manager add -key_server key_server_ip_address
  3. Exit the nodeshell and return to the clustershell by entering the following command: exit

Example

The following command adds a link from the storage system to the key management server with the IP address 172.16.132.118:

storage-system> key_manager add -key_server 172.16.132.118
Found client certificate file client.pem.
Registration successful for client.pem.
Found client private key file client_private.pem.
Is this file protected by a passphrase? [no]: no
Registration successful for client_private.pem.
Registering 1 key servers...
Found client CA certificate file 172.16.132.118_CA.pem.
Registration successful for 172.16.132.118_CA.pem.
Registration complete.