Use the following procedure to prepare the client certificate. Encryption keys backed up on the key management server (KMS) are managed with the client certificate. The client certificate on the KMS must remain current and not expired. If the client certificate expires or is not current, the storage system will not be able to access the KMS.
CAUTION:
- If the client certificate is lost and the SVP is replaced due to a failure, the encryption keys that were backed up before the SVP replacement cannot be restored.
- When the connection settings are backed up to the KMS, the storage system does not back up the client certificate. Make sure that you back up a copy of the connection settings to the KMS and save a copy of the client certificate separately. Refer to your corporate security policy for procedures related to backups.
- The encryption keys backed up on the KMS are managed with the client certificate. If the client certificate is changed, the encryption keys that were backed up before the change cannot be restored. Make sure to back up the encryption keys immediately after changing the client certificate.
- Your storage system must have a physical or virtual SVP.