Configure certificates in the FlashArray CLI

6min

in the previous section, you exported all the pure storage flasharray ca tree certificates to the storage medium (usb device or ftp server) configured on the {{k3}} you must copy the contents of these files to your computer clipboard for use in the following flasharray cli commands define the kmip server and import the kmip server ca certificate the purekmip create command enables the creation of a kmip server and provides a way to import the ca certificate for the kmip server (the root ca certificate in the pure storage flasharray certificate tree) when prompted after executing the command, paste in the kmip server's ca certificate be sure to copy the entire certificate, including both the begin and end lines in the uri field, specify the ip address or hostname of the {{k3}} and the kmip port number pureuser\@purefa ct0 # purekmip create kmip srvr – uri 10 0 5 127 5696 certificate cert 1 ca certificate please enter ca certificate followed by enter and then ctrl d \ begin certificate miidejccafoccqd5srlgfudwrzanbgkqhkig9w0baqsfadblmrswgqydvqqldbjq \ pasted lines omitted 8mmbeua8iyyihhiqd6nj03k0aesmta== \ end certificate if the command is successful, the output shows the name and uri of the kmip server, the name of the flasharray certificate associated with it, and a boolean value of true or false for whether the ca certificate is configured import the signed flasharray certificate you can use the purecert setattr command to import the signed flasharray certificate when prompted after executing the command, paste in the signed flasharray certificate be sure to copy the entire certificate including begin and end lines pureuser\@purefa ct0 # purecert setattr certificate cert 1 please enter certificate followed by enter and then ctrl d \ begin certificate miidpdccaisgawibagiiangthwaaaicwdqyjkozihvcnaqelbqawdzenmasga1ue \ pasted lines omitted sqpnmlbdt1c7dn4yp0pk7g== \ end certificate if the command succeeds, the output lists the certificate name, and status shows i mported test connection and authentication use the purekmip test command to verify that the specified credentials successfully contact and authenticate with the kmip port on the {{k3}} pureuser\@purefa ct0 # purekmip test kmip srvr if the command succeeds, the output lists the name of the kmip server, and the status field shows ok be sure to run the purekmip test step to test the server array communication path before enabling rdl

Initial setup

Enable Rapid Data Locking (RDL)