Creating a new user, client profile, registration token, and registered client on the KMS server

Content Platform for Cloud Scale Administration Guide

Version
2.6.x
Part Number
MK-HCPCS008-10

You need to create the following on the third-party KMS system:

  1. User account corresponding to the common name (CN) of the HCP for cloud scale system
  2. Client profile
  3. Registration token
  4. Registered client

Before you begin this task:

  • You need both the HCP for cloud scale certificate signing request (CSR) and the signed system certificate.
  • You need to determine the name, email, and password of the user account on the Thales system.
  • You need to determine the name of the client profile.
  • You need to determine the default name prefix, token lifetime, certificate duration, and client capacity of the registration token. (For the last three items you can use the defaults.)
  • You need to determine the name of the registered client.

For example, to create a new user account, client profile, registration token, and registered client on the Thales system:

  1. Log in to the Thales system.
    The web console opens.
  2. Create a user account:
    1. Select Access Management > Users.
      The Users page opens.
    2. Click Create New User.
      The Create a New User page opens.
    3. Enter the user's username, email, and password (twice).
    4. Click Create.
      The user is added to the list of users.
    5. Select Access Management > Groups.
      The Groups page opens.
    6. Select the Key Users group.
      The members of the Key Users group are listed.
    7. Locate the user and click Add.
      The user is added as a member of the group.
  3. Create a client profile:
    1. Click Products and select KMIP.
      The Registered Clients page opens.
    2. Select Client Profile.
      The Client Profiles page opens.
    3. Click Add Profile.
      The Add Profile page opens.
    4. Enter the client profile name.
    5. Expand the Certificate Details section of the page and paste the contents of the HCP for cloud scale CSR into the CSR field.
    6. Click Save.
      The profile is added to the list of profiles.
  4. Create a registration token:
    1. Click Products and select KMIP.
      The Registered Clients page opens.
    2. Select Registration Token.
      The Registration Token page opens.
    3. Click New Registration Token.
      The Create New Registration Token wizard opens.
    4. Click Begin and enter the default name prefix, token lifetime, certificate duration in days, and client capacity.
    5. Click Select CA, click External, and select the CA you uploaded previously.
    6. Click Select Profile and select the client profile you created previously.
    7. Click Create Token.
      The registration token is created.
    8. Click Copy to copy the registration token.
    9. Click Done.
      The registration token is added to the list of tokens.
  5. Register a new client:
    1. Click Products and select KMIP.
      The Registered Clients page opens.
    2. Select Add Client.
      The Add Client page opens.
    3. Enter the name of the client.
    4. In the Registration Token field, paste the registration token you previously copied.
    5. In the Client Certificate field, paste the contents of the HCP for cloud scale system certificate.
    6. Click Save.
      The client is added to the list of registered clients.
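
The procedure above pastes the CSR into the client profile and the signed system certificate into the registered client, and names the user account after the CN. The following pre-flight check is an added example, not part of the original guide or of the Hitachi or Thales tooling: it uses the openssl command line to confirm that the CSR and the certificate carry the same CN and the same public key before you paste them. The file names, the CN hcpcs.example.com, the self-signed sample certificate, and the assumption that the user name must equal the CN exactly are all constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and the CN hcpcs.example.com are constructed placeholders.

# Print the subject CN of a CSR (kind=req) or certificate (kind=x509).
subject_cn() {
    openssl "$1" -in "$2" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Print the PEM public key carried by a CSR or certificate.
public_key() {
    openssl "$1" -in "$2" -noout -pubkey
}

# check_pair CSR CERT KMS_USERNAME
# Returns 0 if consistent; 2 = CSR/cert CN differ, 3 = user name differs
# from the CN (assumed to need an exact match), 4 = certificate was issued
# for a different key than the one in the CSR.
check_pair() {
    csr_cn=$(subject_cn req "$1")
    crt_cn=$(subject_cn x509 "$2")
    if [ -z "$csr_cn" ] || [ "$csr_cn" != "$crt_cn" ]; then
        echo "CN mismatch: CSR='$csr_cn' certificate='$crt_cn'" >&2; return 2
    fi
    if [ "$csr_cn" != "$3" ]; then
        echo "KMS user '$3' does not match CN '$csr_cn'" >&2; return 3
    fi
    if [ "$(public_key req "$1")" != "$(public_key x509 "$2")" ]; then
        echo "certificate public key does not match the CSR" >&2; return 4
    fi
    echo "OK: CN=$csr_cn, keys match"
}

# Build constructed sample files (self-signed stands in for the CA-signed cert).
make_samples() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/hcp.key" \
        -subj "/CN=hcpcs.example.com" -out "$1/hcp.csr" 2>/dev/null
    openssl x509 -req -in "$1/hcp.csr" -signkey "$1/hcp.key" -days 1 \
        -out "$1/hcp.crt" 2>/dev/null
    # Same CN but a different key, as if signed from an older CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/old.key" \
        -subj "/CN=hcpcs.example.com" -days 1 -out "$1/old.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_pair "$demo_dir/hcp.csr" "$demo_dir/hcp.crt" hcpcs.example.com
```

Against real files, call check_pair with the exported CSR, the signed certificate, and the user name you plan to create on the KMS.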