Pre-Integration Steps
This section lists the steps to be performed before starting with the integration.
Creating a User on the CipherTrust Manager
Create a user on the CipherTrust Manager and add it to the Key Admins group. For more information, refer to the CipherTrust Manager documentation.
Registering a KMIP Client
Note
You need to switch the domain before performing this operation.
You can register a KMIP client on the CipherTrust Manager using either Auto-Registration or Manual Registration.
Using Auto-Registration
Create a registration token using the following steps:
Log on to the CipherTrust Manager.
Go to Access Management > Registration Tokens in the sidebar.
Click Create New Registration Token.
Copy the Registration Token once it is created.
Turn ON Auto Registration using the following steps:
Go to Admin Settings > Interfaces.
Click the ellipsis icon corresponding to the KMIP interface.
Click Edit.
Under the Configure KMIP window, select Auto Registration.
Paste the Registration Token.
Select the mode as TLS, verify client cert, user name taken from client cert, auth request is optional.
Click Update.
Using Manual Registration
Log on to the CipherTrust Manager.
Go to Products > KMIP.
Create a Client Profile using the following steps:
Go to Client Profile and click Add Profile.
Add a Profile Name.
Select CN in Username Location in Certificate.
Note
For Domain, the CN will be domain||username.
Click Certificate Details.
Paste the content of the generated client.csr.
Click Save.
Create a Registration Token using the following steps:
Go to Registration Token and click New Registration Token > Begin.
Add a Name Prefix.
Click Select CA.
Select the CA type as Local if you are using a Local CA, or External if you are using an External CA.
Select the appropriate CA from the dropdown menu and click Select Profile.
Select the Client Profile that you created from the dropdown menu.
Click Create Token.
Copy the Token value and click Done.
Note
If you are using an external CA then you can select the external CA which was created using openssl and uploaded on the CipherTrust Manager.
Go to Registered Clients and click Add Client. Specify the client's name and paste the generated Registration Token.
Note
If you are using an external CA then you need to paste the signed client certificate in the Client Certificate field.
Click Save > Save Certificate to save the Client Certificate.
Configuring the KMIP Interface
Perform the following steps to configure the KMIP interface:
Go to Admin Settings > Interfaces.
On the KMIP Interface, click the ellipsis icon, then click Edit. A Configure KMIP popup is displayed.
Select the Auto Registration check box if you registered your client using Auto Registration. However, if you registered your client manually, clear the check box.
Note
While selecting Auto Registration, ensure that you create a registration token and enter its value in the Registration Token field. Refer to the CipherTrust Manager documentation for details.
Select the mode as TLS, verify client cert, user name taken from client cert, and auth request is optional.
Specify selections for Local CA for Automatic Server Certificate Generation as desired.
Note
In case of an External CA, set Local CA for Automatic Server Certificate Generation to Turn off auto-generation from Local CA.
Select the CA according to your preference.
If you are using an External CA, select the CA under External Trusted CAs.
If you are using a Local CA, select the CA under Local Trusted CAs.
Expand the Upload Certificate section (Applicable to External CA):
In the Certificate field, paste the content of the Server Certificate, CA, and the Server Key file in the same order. Do not introduce any space, characters, or symbols between the content of these files.
Set the certificate Format as PEM.
Specify the Password (Optional).
Click Update.
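The Upload Certificate step above expects the Server Certificate, CA, and Server Key pasted in that order with nothing between them. The following is an added example, not part of the CipherTrust Manager documentation or tooling, that assembles such a bundle and checks its order before you paste it; the function names and the placeholder PEM bodies are constructed for illustration.

```python
import re

# One complete PEM block; BEGIN and END labels must match. Blocks with
# RFC 1421 headers (legacy encrypted keys) are deliberately not accepted here.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n[A-Za-z0-9+/=\n]+?\n-----END \1-----")
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def build_bundle(server_cert, ca_cert, server_key):
    """Join the PEM texts in the order given on the page: cert, CA, key."""
    parts = (server_cert, ca_cert, server_key)
    return "\n".join(p.replace("\r\n", "\n").strip() for p in parts) + "\n"


def check_bundle(bundle):
    """Return a list of problems; an empty list means the bundle looks right."""
    problems = []
    blocks = list(PEM_BLOCK.finditer(bundle))
    labels = [m.group(1) for m in blocks]
    if len(blocks) < 3:
        return ["expected server certificate, CA and server key (3 PEM blocks)"]
    if any(label != "CERTIFICATE" for label in labels[:-1]):
        problems.append("a non-certificate block appears before the last block")
    if labels[-1] not in KEY_LABELS:
        problems.append("last block is not a private key")
    # Text between blocks must be exactly one newline: no blank lines or symbols.
    edges = [0] + [i for m in blocks for i in m.span()] + [len(bundle)]
    gaps = [bundle[edges[i]:edges[i + 1]] for i in range(0, len(edges), 2)]
    if gaps[0] or gaps[-1] not in ("", "\n") or any(g != "\n" for g in gaps[1:-1]):
        problems.append("extra characters or blank lines between PEM blocks")
    return problems


def sample_pem(label, body="QUJDREVGR0g="):
    # Constructed placeholder block: the base64 body is not real key material.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    cert, key = sample_pem("CERTIFICATE"), sample_pem("PRIVATE KEY")
    print(check_bundle(build_bundle(cert, cert, key)))   # correct order
    print(check_bundle(build_bundle(key, cert, cert)))   # key pasted first
```

The check looks only at PEM structure and order; it does not verify that the key matches the certificate or that the CA issued it.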
Creating a Client Certificate
Note
This section applies to KMIP clients registered using Auto Registration.
Perform the following steps to create a Client Certificate:
Log on to the CipherTrust Manager.
Navigate to the Local CA and click Issue Certificate.
Enter the Display Name, followed by the Common Name.
Warning
The Common Name should be the name of the User you created on the CipherTrust Manager in the Creating a User on the CipherTrust Manager step.
Select the Algorithm and Size, and click Issue Certificate to save the Private Key and the CSR.
Select Certificate Purpose as client, specify the validity of the certificate in days, and click Issue Certificate.
Navigate to Local CA > Upload CSR.
Paste the content of the CSR and select the Certificate Purpose as Client.
Download a copy of this certificate by clicking the ellipsis icon next to the certificate name.