- Define the KMIP Server and import the KMIP Server CA certificate.
- Import the signed FlashArray certificate.
- Test connection and authentication from the FlashArray to the CryptoHub.
Define the KMIP Server and import the KMIP Server CA certificate
The purekmip create command enables the creation of a KMIP Server and provides a way to import the CA certificate for the KMIP server. After executing the command, you must paste in the KMIP server’s CA certificate when prompted. Be sure to copy the entire certificate, including the-----BEGIN and ----END lines.
Perform the following step to define the KMIP Server and import the KMIP Server CA certificate:
Run the purekmip create command as shown in the following example:
In the uri field, specify the IP or hostname of the CryptoHub and the KMIP port number.
None
If the command succeeds, the output shows the name and URI of the KMIP Server, the name of the FlashArray certificate associated with it, and a boolean value of True or False indicating whether the CA certificate is configured.
Import the signed FlashArray certificate
The purecert setattr command imports the signed FlashArray certificate. After executing the command, paste in the signed FlashArray certificate when prompted. Be sure to copy the entire certificate, including the-----BEGIN and ----END lines.
Perform the following step to import the signed FlashArray certificate:
Test connection
The following purekmip test command verifies that the configured credentials successfully contact and authenticate FlashArray to the KMIP port on the CryptoHub:None
If the command succeeds, the output lists the name of the KMIP server, and the Status field displays OK.
Be sure to run the purekmip test command to test the server-array communication path before enabling RDL.