How to Identify the EKM SSL Port
1. Start the Encryption Key Manager server using the command line.
v On Windows, navigate to cd c:\ekm and click startServer.bat
v On Linux platforms, navigate to /var/ekm and enter startServer.sh
v See “Starting, Refreshing, and Stopping the Key Manager Server” on page
5-1 for more information.
2. Start the CLI client using the command line.
v On Windows, navigate to cd c:\ekm and click startClient.bat
v On Linux platforms, navigate to /var/ekm and enter startClient.sh
v See “The Command Line Interface Client” on page 5-5 for more information.
3. Login to a CLI client on the Encryption Key Manager server using the
following command:
login –ekmuser userID –ekmpassword password
where userID = EKMAdmin and password = changeME (This is the default
Password. If you previously changed the default password use your new
password.)
Once login is successful User successfully logged in is displayed.
4. Identify the SSL port by entering the following command:
status
The displayed response should be similar to this: server is running. TCP
port: 3801, SSL port: 443.
Make a note of the SSL configured port and ensure it is the port used to
configure your library-managed encryption settings.
5. Logout from the command line. Enter the following command:
exit
Close the command window.
Generating Keys and Aliases for Encryption on LTO 4 and LTO 5
The Dell Encryption Key Manager Server GUI is the easiest way to generate
symmetric encryption keys (see “Using the GUI to Create a Configuration File,
Keystore, and Certificates” on page 3-5). You can also use the Keytool utility to
generate symmetric encryption keys. Keytool is especially useful for importing and
exporting keys between different keystores. See “Importing Data Keys Using
Keytool -importseckey ” on page 3-12 and “Exporting Data Keys Using Keytool
-exportseckey ” on page 3-12 for details.
Keytool is a utility for managing keys, certificates, and aliases. It enables you to
generate, import, and export your encryption data keys and store them in a
keystore.
Each data key in the keystore is accessed through a unique alias. An alias is a
string of characters, such as 123456tape. In JCEKS keystores, 123456Tape would be
equivalent to 123456tape and allow access to the same entry in the keystore. When
you use the keytool -genseckey command to generate a data key, you specify a
corresponding alias in the same command. The alias enables you to identify the
correct key, in the correct key group and keystore, for use in writing and reading
encrypted data on LTO 4 and LTO 5 tape.
Chapter 3. Installing the Encryption Key Manager and Keystores 3-9
|
|
To Next Page
Loading...
Need help?
General