Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

ProtectV Administration

Configuring a Keystore

search

Please Note:

Configuring a Keystore

ProtectV supports the CipherTrust Manager and the SafeNet KeySecure Classic for key management. These key managers are referred to as the keystore in this document. The CipherTrust Manager (local) is the default keystore. However, the keystore can be changed whenever needed. The KeySecure Classic is referred to as the remote keystore.

Note

The ProtectV service supports:
• SafeNet KeySecure Classic OS v8.1.0 and higher versions.
• CipherTrust Manager 1.4.0 and higher versions.

Configuring a Remote Keystore

To configure a remote keystore:

  1. Log on to the CipherTrust Manager GUI.

  2. Open the ProtectV application.

  3. In the left pane, click Settings. The Settings page is displayed in the right pane.

    Settings page

  4. Click the Keystore tab.

    Remote Keystore set to off

    Note

    By default, the Remote Keystore toggle switch is OFF. The CipherTrust Manager is used as the keystore.

  5. Click the Remote Keystore toggle switch to turn it ON. This shows fields for configuring the remote keystore, the KeySecure Classic.

  6. Specify the following details:

    Remote Keystore details

    ParameterDescription
    IPIP address of the KeySecure Classic. When using a KeySecure cluster (or multiple KeySecure servers), specify the clustered KeySecure IP addresses separated by colons.
    PortNAE port of the KeySecure Classic. Use the port associated with your CA certificate.
    UsernameUser of the KeySecure Classic. This user must have permission to create keys on the SafeNet KeySecure.
    PasswordPassword of the KeySecure Classic user.
    Trusted Certificate AuthorityContent of the trusted CA certificate (.crt file) that you generated on the KeySecure Classic.
    Keystore Client KeyContent of the KeySecure client's private key.
    Key PasswordPassword of the KeySecure client's private key.
    Keystore Client CertContent of the imported KeySecure client's certificate.

  7. Click Save. A green check mark appears indicating that the keystore configuration is saved.

    Save remote keystore settings

This sets the KeySecure Classic as the new keystore for key management.

Setting the CipherTrust Manager as the Keystore

If the KeySecure Classic is configured as the keystore, you can switch to the CipherTrust Manager for key management.

To set the CipherTrust Manager as the keystore:

  1. Log on to the CipherTrust Manager GUI.

  2. Open the ProtectV application.

  3. In the left pane, click Settings. The Settings page is displayed in the right pane.

  4. Click the Keystore tab. The Remote Keystore toggle switch is turned ON. The KeySecure Classic is the current keystore.

    Remote keystore set to on

  5. Click the Remote Keystore toggle switch to turn it OFF.

    Remote keystore set to off

This disables the remote keystore and sets the CipherTrust Manager as the default keystore for key management.

On this page