Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CM Connection/External CM

Managing CM Connections using GUI

search

Please Note:

Managing CM Connections using GUI

This section explains the steps to configure the CM/external CM connections using GUI.

Prerequisites

On the client CM.

  1. Create a CipherTrust (External) Connection

  2. Generate a Connection CSR

On the domain of the external CM where you want to create a connection.

  1. Create a Client Profile

  2. Generate a Registration Token

  3. Add the Client

After completing the steps, configure the CM connection on the client CM.

Create a CipherTrust (External) Connection

Add a connection to the external CipherTrust Server.

  1. Log on to the CipherTrust Manager.

  2. In the left pane, click Access Management > Connections.

  3. On the Connections screen, under CIPHERTRUST (EXTERNAL) CONNECTIONS, click Add CipherTrust (external) Server.

  4. On the Add CipherTrust (external) Server screen, enter the Name of a CipherTrust (external) Server.

  5. Enter the Node Hostname/IP of a CipherTrust Manager server node (external CM).

    Note

    If the external CM is configured to use a custom port (that is, other than 443), then append the custom port to the hostname/IP address. For example, specify <hostname or IP address>:<custom-port>.

    To add additional nodes, click Add CM Node.

  6. Add a Certificate. You need to add the root CA of the external CM. The options are:

    • File Upload: Select and upload the certificate (in PEM format).

    • Text: Select and paste the certificate content.

    Sample Root CA:

    -----BEGIN CERTIFICATE----- 
MIIFrjCCA5agAwIBAgIQe4lLpV6szJdk3He6ctFDszANBgkqhkiG9w0BAQsFADBa MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G A1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIz MDUzMDExMTgwMFoXDTMzMDUyODExMTgwMFowWjELMAkGA1UEBhMCVVMxCzAJBgNV BAgTAlRYMQ8wDQYDVQQHEwZBdXN0aW4xDzANBgNVBAoTBlRoYWxlczEcMBoGA1UE AxMTQ2lwaGVyVHJ1c3QgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC AgoCggIBAJDOzVgX8QT2nHGYbMOJQUPCwqc0ajQn1lrpzz+eWNuIBYHCRs9WRYO3 Z3+Rc9LcuwoNShQDb+XBQHcX9FbN9ZP1h+/UCM78LIXhBCIpJRK1XIcLy38ZHunU oVeaxWRwy2TwdfpRLP9dvOkeZnlTTq0vsybTh4Gt5E3sRU7oceWuSJEzT4PF5Wx0 iZXeCoOyqXXqi8lEPS4HqIAgOXY/TkTmr/JohBYWcZttCA20PemQEfIwLeCRYnTe GG4k7/TkoHVkGmGbudg2ot2sR9AaUL10aVzl4rSsq2purJO60DzRA5BtcLLx7537 e6PLcDp5/7B5FVT2KiY9/ojlAXgd4Rp0pzDG3qrfjMhh2rho5Ab7s2zZfZNW/mpm n2xDnczt2NYnDhVGhViTA3lezsbkpaRaKMLlBnb0JRHPmc+bbpTcs1igrWxjXuyp WDNxQ3WorEy0yMANAfCrRaeMoN1t58UZKJ0WwRaJyeYpCREBsbRIHz9+uQhRFTSP RZ/V6EacEDQbfueiVigLbeVyhjRJ65sN+5obEpaVlU3soJPRjRVnhwe6qQdpunf1 u7pcC84Tdmfk6lP2tMHDmEUwTd99ssuGAvdcDAFNTb+0Cb5JWBOUeSaG3kGTKwaI YF+cfy8sFnHKQ2SYuMxUB7ujf+JgywJ6LnSgzTMbtwEneuxXUGvzAgMBAAGjcDBu MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRnlLCu e5kDRyTLxtqoWTbEkcSQKjAsBgNVHREEJTAjgSF0ZWNobmljYWwuc3VwcG9ydEB0 aGFsZXNncm91cC5jb20wDQYJKoZIhvcNAQELBQADggIBACj3OQqhk/Gv+aNhjYi/ cs6QlW5zKBOh4bSy9+6gJ0NsszBKJwVT5w3wOhlfwIIJyH/P4IqVVgp9wE9Ymuir efRQGbiHVbBrjzBqPDt9e9wdsZXPbhz88fxNB0XqgV1Sg8ip5Ccqd68u6mGo40Cu zZFSyDz0O3ctHJ0THV1jy+u2S7o7eYZ0T9qul1DLTiueV743NZI2/acFqi2G4cIv nSV3xbnfKC+4kzf3wKoful/xs+H8vD+d2lJsAXq4d6ck3ptfLKi035IUd3nS3sJT k2KCIOjdKU6wfwiO/s3XXDYWLdiVPlWrf/+HglIVPP3np2hWUzAeIznm01Y4wUh0 jsDISk8/H6L3/NBb2Dlf5zKpGZCXDoUjw/2dNFaYcGJEL3fVNcHaQVn8yyetJIXS PXzv0ZuvE/6cTCAlhxBkAJqMYteJJomOeXv0PBlJ+ePM52sYzAVkt3YkFM1QdJ1i LbUgNLQg55s4nswiZK4Dva2S3me+ahrSO9CFw8aXYh+3r7yKu4kNfQbWIx7RGETH +2UPMg+QbkaqOOnbVMSjGJBK2oe43YKVgdhgLDSBRHRWmlqmjsvYW0ZKdIgFhDIa tijRkOfDJdh2GyAv7nLbqsyQZN5RSlzjZh9LEGZ8+ETw/hHleQwRSr8B5JtRyNR2 grZ+pEXAN+a6jmqMed5BNnBR
-----END CERTIFICATE-----

    Note

    • To add additional nodes, click Add CM Certificate.

    • The external CM web server certificate must contain the IP address.

  7. Click Add CipherTrust (external) Server.

The newly created CipherTrust (external) Server is displayed in the list of CipherTrust (external) Servers.

Generate a Connection CSR

  1. Navigate to the CSR Generator page (CA > CSR Generator).

  2. Generate a Connection CSR and download the CSR certificate.

Create a Client Profile

  1. Navigate to the Client Profiles page (Access Management > Client Profiles).

  2. Add a client profile.

    Note

    • You can create a client profile using the Local CA and External CA.

Generate a Registration Token

Refer to Creating a Registration Token for details.

Note

To generate a registration token, you first need to create a client profile.

Add the Client

  1. Navigate to the Client Hub page (Access Management > Client Hub).

  2. Click Add Client.

  3. Specify a name for the client.

  4. Select the Registration Token that you generated.

  5. Add the connection CSR that you generated above. The options are:

    • File Upload: Select and upload the certificate (in PEM format).

    • Text: Select and paste the certificate content.

  6. Add the client.

  7. Save the Client ID and the Client Certificate.

If the external CM is in a clustered environment, the external CM administrator needs to add the client to the Cluster Info Viewers group, so that client CM can read the cluster information.

To add the client to the Cluster Info Viewers group.

  1. On the Client Hub page, click the Name of the client that you created above.

  2. Expand the GROUPS section.

  3. Disable Show '<client name>' groups.

  4. Search for Cluster Info Viewers.

  5. Click Add.

Configure a CM connection

  1. Select the CipherTrust (external) server you created from the drop-down list.

  2. Under Authentication:

    1. Enter the Client ID (for example, 18455d84-1b39-48d5-ac86-c649f78703a2) that you saved while adding the client.

    2. Add the Client Certificate that you saved while adding the client. The options are:

      • File Upload: Select and upload the certificate (in PEM format).

      • Text: Select and paste the certificate content.

        Sample Client Certificate:

        -----BEGIN CERTIFICATE-----
MIIE4jCCAsqgAwIBAgIQQzK0f1r4RadGoL6BHoNm8TANBgkqhkiG9w0BAQsFADBa MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcTBkF1c3RpbjEPMA0G A1UEChMGVGhhbGVzMRwwGgYDVQQDExNDaXBoZXJUcnVzdCBSb290IENBMB4XDTIz MDUzMTA2MTc0MVoXDTI1MDUzMTA2MTc0MVowRjEOMAwGA1UEAxMFYWRtaW4xNDAy BgoJkiaJk/IsZAEBEyQxODQ1NWQ4NC0xYjM5LTQ4ZDUtYWM4Ni1jNjQ5Zjc4NzAz YTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9bYT/1nW7EGbf/btk O7jlN76jAFXT8XvUwTrqcmrwAsiUZcTd7bke9vp6w7bokNlILQJVFb4EeZYD9lWK Eosnh1h+PwePS2SlrIac9NOmbfrKNeccEbR4+cIaU3/UKNo0BAI06/7QXPn/sPwL LIF/eGl9UzttJdKkg0gg57vwxK3MkvT+TJ55EjVleHGO85JcGWMB8x0lAuN1N/K8 fKlSKq9WwopPdiuzbwqya+ulP8KDfZ/pmgMo54tIjwUvaxTtUVgoqZFFBiOQYTMx ZK2oDtYqioHraXw71Q2fbQ0SjzTubQLU1li6VQlwuaJVouXtjQw1SbiyCLl9axIw ydalAgMBAAGjgbcwgbQwDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUF BwMCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUZ5SwrnuZA0cky8baqFk2xJHE kCowXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDovL2NpcGhlcnRydXN0bWFuYWdlci5s b2NhbC9jcmxzL2VlZjgyNjViLWI1MDYtNGM2Yi04YWRkLWU5YTliOTY3ZjI3OS5j cmwwDQYJKoZIhvcNAQELBQADggIBAAjxjAmuVS9Q9LV9lXpJ7dRPWE35Xa76AW4I fEvrNlm2z9aBd5yzXFgeRv3jYK354fKzMjLAbShu98CkK56DEz0ThgY4a14kiXCE Heko6ZGbW2MORfa8yD/S0YD3Z6Cq0bQth4iouHFTvl7zYfZFEojk9Aq9HrT4hoTh of8K8ddT0aufy298WN9y2vOL7XrpVZbwRydTtzazBrsjuJgJFY27P7jnplntOpey nZI6Oa2zY3cb3EPQkW7LjzRoXbUDx6iZfiLr7sT2se4z6EeVPscjaDrM1ZlZAB5T gY2UtruT/Bbyk5lToAI21kEBguie2Z5wzCnWqAx+F/BYPnfFI9ZdlLsF4Tf5iek8 90PsBFFO0XAefMsenwBjokhrUQ/eBzurrMe4ILhgFNHXDpQiwtj0Ljph3qDQ3m43 P8IXHtZg2Wy5MYbgn58IxjG2rABo5Nwrrc5whWDvA6U9vO9KpBtAK5wt8JxRT8jH A9L3uKdlwJ1r8POJ2MKZl0ooWcP0NC/uy5aTaIcWMgMmrFA5gaLrXdKrha5MDUKP UJ6mVJZRxZCoRKvlZ3/zb0jvu6LdlpnbclXc3fkyfe7JetZ0APNwi9PqOrRrwkcg 3ODrtiyHhbmIEjZZMJjYEFF+jegZPKbvFDCGW9T/h9ny3RZ+cSHKBex+jB1/dhNF qyjekzHR
-----END CERTIFICATE-----

  3. (Optional) Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

  4. Click Next to move to the Add Products screen of the Add Connection wizard.

On this page