KMS requirements

Encryption License Key User Guide for VSP One Block

Version: 10.2.x
Part Number: MK-23VSP1B010-00
Item: Requirements
Protocols: KMIP v1.0, v1.1, v1.2, v1.3, v1.4
Products: Thales/Gemalto CipherTrust Manager k170v/k470v/k470/k570
Certificates: To connect to the KMIP server, you must upload the following certificates to the storage system:
  • KMS Root Certificate: X.509 format
  • Client certificate in PKCS #12 format:
    • If an intermediate certificate exists, prepare a signed public key certificate consisting of a certificate chain that contains the intermediate certificate.
    • The maximum number of certificate chain levels for the uploaded certificate is 5, including the root CA certificate.
    • The public-key algorithm of the certificate to be uploaded must be RSA.
  • Server certificate configured on the KMIP server:
    • The public-key algorithm of the server certificate must be RSA.
    • The maximum number of tiers is 5. Use a certificate with 5 or fewer tiers.

Contact the KMS administrator for information about these certificates.

The client certificate must be converted to PKCS #12 format. Before conversion to PKCS #12 format, the client certificate must be signed by the Certificate Authority of the KMS.

Please pay attention to the expiration date when preparing the certificate. When the certificate expires, you will not be able to connect to the KMS.

SSL/TLS communication: For SSL/TLS communication and certificate requirements between the storage system and the KMS, see the System Administrator Guide.
Number of KMSs: Up to two other KMSs can be registered. If two KMSs are registered, they must be clustered together. Registering two KMSs is recommended.
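
The client-certificate requirements above (RSA public key, at most 5 chain levels, signed by the CA of the KMS, not expired) can be checked with the openssl command line before the PKCS #12 bundle is uploaded. The script below is an added example and is not part of the guide: the function names, the password "changeit", the certificate subjects and the 30-day expiry margin are assumptions, and the test material is constructed on the fly.

```shell
#!/bin/sh
# Usage: check_kms_p12 BUNDLE.p12 PASSWORD KMS_ROOT.pem [MIN_DAYS_VALID]
# Returns 0 = all checks pass, 1 = a requirement is not met, 2 = bundle unreadable.
check_kms_p12() {
    p12=$1 pw=$2 root=$3 days=${4:-30}   # 30-day margin is an assumed default
    tmp=$(mktemp -d) || return 2
    rc=0
    # Extract the client (leaf) certificate, then every certificate; no private keys.
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -clcerts -nokeys -out "$tmp/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys -out "$tmp/all.pem" 2>/dev/null ||
        { echo "FAIL: cannot read PKCS#12 bundle"; rm -rf "$tmp"; return 2; }
    # Requirement: the certificate's public key must be RSA.
    openssl x509 -in "$tmp/leaf.pem" -noout -text |
        grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "FAIL: client public key is not RSA"; rc=1; }
    # Requirement: at most 5 chain levels including the root.
    # Assumption: the bundle carries the whole chain, so its certificate count is the depth.
    levels=$(grep -c 'BEGIN CERTIFICATE' "$tmp/all.pem" || true)
    [ "$levels" -le 5 ] || { echo "FAIL: $levels chain levels, maximum is 5"; rc=1; }
    # Requirement: signed by the CA of the KMS (chain must verify to the KMS root).
    openssl verify -CAfile "$root" -untrusted "$tmp/all.pem" "$tmp/leaf.pem" >/dev/null 2>&1 ||
        { echo "FAIL: does not chain to the KMS root certificate"; rc=1; }
    # Requirement: not expired; also flag certificates about to expire.
    openssl x509 -in "$tmp/leaf.pem" -noout -checkend "$((days * 86400))" >/dev/null ||
        { echo "FAIL: expires within $days days"; rc=1; }
    rm -rf "$tmp"
    return "$rc"
}

# Builds CONSTRUCTED test material in DIR: a throwaway CA and a client bundle.
# Remaining arguments select the client key type (passed to "openssl req -newkey").
make_sample() {
    dir=$1; shift
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed KMS CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey "$@" -nodes -subj "/CN=constructed-client" \
        -keyout "$dir/c.key" -out "$dir/c.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/c.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -out "$dir/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/c.key" -in "$dir/c.pem" -certfile "$dir/ca.pem" \
        -passout pass:changeit -out "$dir/client.p12"
}

# Demo on constructed material.
demo=$(mktemp -d) && make_sample "$demo" rsa:2048 &&
    check_kms_p12 "$demo/client.p12" changeit "$demo/ca.pem" && echo "PASS"
rm -rf "$demo"
```

The chain-level count is only meaningful when the bundle contains every certificate up to the root; for a bundle that omits the root, add one to the reported number.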