Integration with CipherTrust Manager
This section provides the steps to integrate HPE Primera with the CipherTrust Manager.
Log into the HPE Primera using the CLI.
Start importing your certs one by one using the following steps:
Import the CA used to sign the Client Certificate by using
importcert ekm -client –ca <local path to the copy your CA Certificate>
Import the Client Certificate onto Primera by using the following command:
importcert ekm -client <local path to the copy of your Client Certificate>
Import the CA used to sign the Server Certificate by using the following command:
importcert ekm -server -ca <local path to the copy of your CA Certificate>
Reply yes to the question about importing the signed certificate.
Once all the certificates have been uploaded, run
showcert
again to verify.To enable encryption on the array, run the following command:
controlencryption setekm –setserver <IP of CipherTrustManager> -port <Port being used for KMIP> -ekmuser <User created on CipherTrustManager> -kmipprotocols <KMIP Protocol Version>
Navigate to the SSMC GUI and confirm that the EKM has been configured properly and the setting are correct. System > Actions > CheckEKM servers.
If the setting are in order, you receive a pop-up confirming the same.
Navigate to System > Actions > Enable Encryption.
Enter the password to access the EKM.
Accept the implications and click on Yes to enable encryption.
You will find a new key created on CipherTrust Manager. You should also be able to see the creation of the key in the CipherTrust Manager Audit Logs.
This completes the integration of HPE Primera with CipherTrust Manager.