Verify the integration using Storage Navigator connection tests, CryptoHub key verification, and audit log review.Documentation Index
Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
Use this file to discover all available pages before exploring further.
Verify the KMIP connection
The primary verification tool is the Server Configuration Test within Storage Navigator.Under Server Configuration Test, select the Check button. This performs a live TLS handshake and KMIP protocol negotiation with both the primary and secondary servers.
Verify encryption keys on the CryptoHub
Check the audit log
In Storage Navigator, access the Audit Log to review all interactions between the VSP and the CryptoHub.
Troubleshooting
If the connection test or encryption operations fail, check the following:| Symptom | Probable cause | Resolution |
|---|---|---|
| Certificate silently rejected | Client certificate missing x509v3 extensions | Re-generate the client certificate with a configuration file that includes req_extensions and x509_extensions sections. Re-export as PKCS #12 and re-import. |
| Connection test fails with TLS error | TLS version mismatch or inspection proxy | Ensure the CryptoHub’s KMIP listener has TLS 1.2 enabled. Exempt CryptoHub traffic from TLS inspection. |
| Connection timeout | Network connectivity issue | Confirm TCP port 5696 is open between the SVP and the CryptoHub. Test with telnet <CryptoHub-IP> 5696 from the SVP. |
| DNS resolution failure | Hostname used but DNS not configured on SVP | Configure DNS on the SVP’s OS network settings, or use the CryptoHub IP address instead. |
| Self-signed certificate rejected | VSP does not support self-signed certificates | Ensure all certificates are signed by a trusted CA. |
| Certificate expired | Client certificate past its validity period | Generate a new client certificate, convert to PKCS #12, and re-import into Storage Navigator. Back up encryption keys immediately after the certificate change. |