In the Add Endpoint dialog:
- Enter a Name for the endpoint. Use a descriptive name that helps you identify which node CSR this endpoint corresponds to (e.g. “nutanix-node-1”, “nutanix-node-2”, etc.).
- Leave set the CryptoHub Hostname that is auto-populated.
Select [ Add Endpoint ]. The browser prompts you to download a zip file which contains the following files:
| File | Description |
|---|---|
ca-chain.pem | CA certificate bundle |
client-cert.pem | Client TLS certificate |
credential.txt | Contains the name of the identity CryptoHub created for Nutanix to use when connecting and authenticating via KMIP |
info.txt | Includes the service name and address for connecting to the CryptoHub |
pki.p12 | Full Client PKI in encrypted PKCS #12 format (contains the CA chain, client certificate, and client private key) |
pki-password.txt | Contains the password for the PKCS #12 file |
CryptoHub <number>.cer | Auto-generated self-signed CA certificate used to issue client endpoint TLS certs (number is random) |
Futurex Test Root CA (ECC).cer or Futurex Test Root SSL CA.cer | Futurex Test Root CA for embedded Futurex Test TLS certs (ECC or RSA, based on the algorithm configured for the KMIP connection pair) |
<number>-Prod-App-Alt.cer | KMIP server TLS certificate (number is random) |
After deploying the client endpoint, CryptoHub creates a Certificate Authority (CA) for the service. This CA is used in the next step to sign the per-node CSRs that Nutanix generates. The CA certificate is also uploaded to Nutanix to establish trust.
The
Futurex Test Root CA (ECC).cer or Futurex Test Root SSL CA.cer file from this zip is the KMIP server root CA certificate. You will need this file when configuring the Certificate Authority in Prism Element.