Skip to main content
Nutanix generates a unique keypair and Certificate Signing Request (CSR) for each Controller VM (CVM) node in the cluster. Download these CSRs from Prism Element and prepare them for signing on the CryptoHub.
1
Log in to Prism Element and click the gear icon (⚙) in the top-right corner to open the Settings panel.
2
In the left pane under the Security section, select Data-at-rest Encryption.
3
Click Edit Configuration (or Continue Configuration if you have previously started setup).
4
Under Key Management Server Type, select An external KMS.
5
Scroll down to the Certificate Signing Request Information section. Complete all required fields:
  • Organization
  • Organizational Unit
  • Country (two-letter ISO code)
  • State
  • City
  • Email
Click Save CSR Info.
6
Click Download CSRs. In the dialog that appears, click Download CSRs for all nodes.Prism Element downloads a csrs.zip archive containing one CSR file per CVM node. The files use a .txt extension by default.
7
Extract the csrs.zip archive on your workstation.Rename each file from .txt to .csr if required by your signing workflow. The file contents are standard PEM-encoded CSRs regardless of extension.
The number of CSR files in the archive equals the number of CVM nodes in the cluster. A three-node cluster produces three CSR files; a larger cluster produces more. Each CSR must be signed individually on the CryptoHub.