Skip to main content
This section shows how to import the TrueNAS TLS certificate created in the previous section into TrueNAS, along with the CA certificate that issued the TLS certificates for both TrueNAS and the KMIP server connection pair on the KMES Series 3. Before doing so, you must extract the certificates and private key from the PKCS #12 file exported from KMES Series 3 by using OpenSSL.

Extract the PKCS #12 file

Perform the following steps to extract the PKCS #12 file:
1
Open a terminal application with OpenSSL installed.
2
Go to the directory where the PKCS #12 file is saved.
3
Run the following OpenSSL command to extract the certificates and private key from the PKCS #12 file and save them to a new file:
Shell
openssl pkcs12 -in tree.p12 -out tree.pem -nodes
When prompted, enter the password that was specified when you exported the PKCS #12 file from the KMES.
4
Open the output file (for example, tree.pem) to view the TrueNAS certificate, its associated private key, and the CA certificate that issued both the TrueNAS certificate and the KMIP server connection pair certificate. Then, copy and paste them into the TrueNAS web interface in the next section.

Import the CA certificate

Perform the following steps to import the CA certificate:
1
Log in to the TrueNAS web interface.
2
Go to System> CAs and select [ ADD ].
3
In the Type drop-down menu, select Import CA.
4
Enter a memorable name for the CA and paste the CA certificate extracted from the PKCS #12 file into the Certificate field.
5
Leave the Private Key and Passphrase fields empty, and select [ SUBMIT ].

Import the certificate

Perform the following steps to import the TrueNAS certificate:
1
Log in to the TrueNAS web interface.
2
Go to System> Certificates and select [ ADD ].
3
In the Type drop-down menu, select Import Certificate.
4
Enter a memorable name for the certificate and paste the TrueNAS certificate and private key extracted from the PKCS #12 file into the appropriate fields.
5
Leave the Passphrase field empty and select [ SUBMIT ].

Configure KMIP

Perform the following steps to configure KMIP in TrueNAS:
1
Log in to the TrueNAS web interface.
2
Go to System > KMIP to complete the configuration.
3
Enter the KMES Series 3 IP address or hostname and the default KMIP connection port, 5696. Select the Certificate and Certificate Authority imported in the previous section. To check that the Certificate and CA chain are correct, check the Validate Connection box and select [ SAVE ].
4
When you verify the certificate chain, choose the encryption values, SED passwords, or ZFS data pool encryption keys to move to the KMES Series 3. Set Enabled to move the passwords and keys immediately after selecting [ SAVE ].
5
Refresh the KMIP page to see the current KMIP Key Status.
You should see Synced displayed.
To cancel a pending key synchronization, set Force Clear and select [ SAVE ].