Chapter 7: Encryption Key Management
Scalar Key Manager Functions Available on the Library
Quantum Scalar i40 and Scalar i80 User’s Guide 189
Installing Your Own TLS Certificates
When providing your own certificates, it is assumed you understand the
concepts of PKI (Public Key Infrastructure) and can access the tools or
third-party resources needed to generate or obtain certificates.
Note: You must be running SKM 1.1 or higher on your SKM servers in
order to install your own TLS certificates.
Note: If you install your own TLS certificates on the SKM server, you
must also install your own certificates on the library. Similarly, if
you use the Quantum-provided TLS certificates on the SKM
server, you must also use the Quantum-provided TLS certificates
on the library. Newer libraries come with Quantum-provided
TLS certificates pre-installed. To verify whether TLS certificates
are already installed on the library, refer to Checking Whether
TLS Certificates are Installed on Library on page 186.
You need to provide the following certificates:
• Root certificate (also called the CA certificate, or Certificate
Authority certificate)
• Client certificate
• Admin certificate
These files must be in the proper format, as follows. If any of the
following requirements is not met, none of the certificates will be
imported.
• The Root Certificate must be 2048 bits.
• The Root Certificate must be in PEM format.
• Admin and Client certificates must be in pkcs12 (.p12) format, with
a separate certificate and private key contained in each.
• Admin and Client certificates must be 1024 bits.
• Admin and Client certificates must be signed by the Root Certificate.
• Certificates must have the Organization name (O) set in the Issuer
and Subject information.
• The Admin certificate must have its Organizational Unit name (OU)
set as “akm_admin” in its Subject Information.
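Because one unmet requirement blocks the import of all three files, it helps to check them first. The script below is an added example, not part of the Quantum guide: it uses the OpenSSL command line to check key size, the O and OU fields and the signature chain, and the file names, the `P12_PASS` environment variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-import check of the certificate requirements listed above.
# Usage: P12_PASS=... sh check_certs.sh root.pem admin.p12 client.p12
# File names and the P12_PASS variable are assumptions, not from the guide.

# pem_bits: read `openssl x509 -text` output on stdin, print the key size
pem_bits() { sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1; }

# dn_attr NAME: read a one-attribute-per-line DN on stdin, print NAME's value
dn_attr() { sed -n "s/^ *$1 *= *//p" | head -n 1; }

# dn FILE FIELD: print the subject or issuer DN, one short-name attribute per line
dn() { openssl x509 -in "$1" -noout "-$2" -nameopt sep_multiline,sname; }

# check_cert LABEL PEM BITS CA [OU]: report every requirement the file misses
check_cert() {
    label=$1 pem=$2 bits=$3 ca=$4 want_ou=${5:-} rc=0
    got=$(openssl x509 -in "$pem" -noout -text | pem_bits)
    [ "$got" = "$bits" ] || { echo "$label: key is ${got:-?} bits, need $bits"; rc=1; }
    for field in subject issuer; do
        [ -n "$(dn "$pem" "$field" | dn_attr O)" ] || { echo "$label: no O in $field"; rc=1; }
    done
    if [ -n "$want_ou" ]; then
        [ "$(dn "$pem" subject | dn_attr OU)" = "$want_ou" ] ||
            { echo "$label: subject OU is not $want_ou"; rc=1; }
    fi
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "$label: does not verify against the root certificate"; rc=1; }
    return "$rc"
}

main() {
    root=$1 fail=0
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    grep -q -e '-----BEGIN CERTIFICATE-----' "$root" || { echo "root: not PEM"; fail=1; }
    check_cert root "$root" 2048 "$root" || fail=1
    for role in admin client; do
        if [ "$role" = admin ]; then p12=$2 ou=akm_admin; else p12=$3 ou=; fi
        # Extract only the end-entity certificate; the private key stays in the .p12
        openssl pkcs12 -in "$p12" -clcerts -nokeys -passin env:P12_PASS \
            -out "$tmp/$role.pem" 2>/dev/null || { echo "$role: cannot read $p12"; fail=1; continue; }
        check_cert "$role" "$tmp/$role.pem" 1024 "$root" "$ou" || fail=1
    done
    [ "$fail" -eq 0 ] && echo "all checks passed"
    return "$fail"
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

The script exits non-zero and prints one line per unmet requirement, so all problems in a set of files show up in a single run.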