Configure certificates in the FlashArray CLI
In the previous section, all of the Pure Storage FlashArray CA tree certificates were exported to the storage medium (USB Device or FTP Server) configured on the . You must copy the contents of these files to your computer clipboard for use in the following FlashArray CLI commands.
The purekmip create command enables the creation of a KMIP server and provides a way to import the CA certificate for the KMIP server (the root CA certificate in the Pure Storage FlashArray certificate tree). When prompted after executing the command, paste in the KMIP server's CA certificate. Be sure to copy the entire certificate including “-----BEGIN” and “----END” lines.
In the URI field, specify the IP address or hostname of the and the KMIP port number.
If the command is successful, the output shows the name and URI of the KMIP Server, the name of the FlashArray certificate associated with it, and a boolean value of True or False for whether the CA certificate is configured.
You can use the purecert setattr command to import the signed FlashArray certificate. When prompted after executing the command, paste in the signed FlashArray certificate. Be sure to copy the entire certificate including “-----BEGIN” and “----END” lines.
If the command succeeds, the output lists the certificate name, and Status shows Imported.
Use the purekmip test command to verify that the specified credentials successfully contact and authenticate with the KMIP port on the .
If the command is successful, the output lists the name of the KMIP server, and the Status field shows OK.
Be sure to run the purekmip test step to test the server-array communication path before enabling RDL.