Keys and Aliases for Encryption on LTO 4 and LTO 5” on page 3-9.) Take note
of the names given to the certificates and keys. This information will be used
in later steps.
3. Create key groups and populate with key aliases. See “Creating and Managing
Key Groups” on page 3-14.
4. Using the text editor of your choice, open the KeyManagerConfig.properties
to specify the following properties. Please note that the current design of the
server is very strict. Do not use Windows to edit the file for a Linux machine
because of ^M. If you use Windows, edit the file with gvim/vim.
Note to Windows Users: The Java SDK uses forward slashes, even when
running on Windows. When specifying paths in the
KeyManagerConfig.properties file, be sure to use
forward slashes. When specifying a fully-qualified
path name in the command window, use back
slashes in the normal manner for Windows.
a. Audit.Handler.File.Directory – specify a location where audit logs are to
be stored.
b. Audit.metadata.file.name – specify a fully qualified path and filename for
the metadata XML file.
c. Config.drivetable.file.url – specify a location for information about drives
that are known to the Encryption Key Manager. This file is not required
before starting the server or CLI client. If it does not exist, it will be
created during shutdown of the Encryption Key Manager server.
d. TransportListener.ssl.keystore.name – specify the path and filename of the
keystore created in step 1.
e. TransportListener.ssl.truststore.name - specify the path and filename of
the keystore created in step 1.
f. Admin.ssl.keystore.name - specify the path and filename of the keystore
created in step 1.
g. Admin.ssl.truststore.name - specify the path and filename of the keystore
created in step 1.
h. config.keystore.file - specify the path and filename of the keystore created
in step 1.
i. drive.acceptUnknownDrives - specify true or false. A value of true allows
new tape drives that contact the Encryption Key Manager to be
automatically added to the drive table. The default is false.
5. The following optional password entries may be added or omitted. If these
entries are not specified in KeyManagerConfig.properties, the Encryption Key
Manager will prompt for the keystore password during the startup of the
server.
a. Admin.ssl.keystore.password - specify the password of the keystore
created in step 1.
b. config.keystore.password - specify the password of the keystore created in
step 1.
c. TransportListener.ssl.keystore.password - specify the password of the
keystore created in step 1.
When added to the KeyManagerConfig.properties file, the Encryption Key
Manager obfuscates these passwords for additional security.
6. Optionally set the Server.authMechanism property to a value of LocalOS if
CLI client authentication is to be done against the local operating system
4-4 Dell Encryption Key Mgr User's Guide
|
To Next Page
Loading...
Need help?
General