Create a role and identity on the KMES Series 3 for MySQL Server

this section shows you how to create a role and identity on the {{k3}} and assign it the permissions mysql server needs to generate the master encryption key used for tde when mysql server initiates a connection to the {{k}} through kmip, authentication occurs through the tls certificate by matching a {{k}} identity name to the common name configured for the mysql server certificate, mysql can authenticate and assume the permissions granted to that identity add a pki identity provider perform the following steps to add a pki identity provider configured with the tls authentication mechanism log in to the {{k3}} application interface with the default admin identities go to identity management > identity providers right click anywhere in the window and select add > provider > pki on the info tab of the identity provider editor window, specify a name for the identity provider and uncheck enforce dual factor on the pki options tab, select \[ select ] in the certificate selector window, expand the certificate tree you created for mutual authentication, select the ca certificate that signed the mysql server and kmip connection pair certificates, and select \[ ok ] select \[ ok ] to finish creating the pki identity provider right click the identity provider you just created and select add > mechanism > tls on the info tab, specify a name for the authentication mechanism on the pki tab, leave all fields set to the default values select \[ ok ] to save create a role perform the following steps to create a role for mysql server go to identity management > roles and select \[ add ] in the info tab of the role editor window, set the type to application , the name to mysql , and logins required to 1 on the permissions tab, enable the following permissions for the role permission subpermission cryptographic operations encrypt, decrypt keys add on the advanced tab, set allowed ports to kmip only select \[ ok ] to finish creating the role create an identity perform the following steps to create an identity for mysql server go to identity management > identities right click anywhere in the window and select add > client application on the info tab of the identity editor window, select application for the storage location and specify mysql as the identity name on the assigned roles tab, select the role you created for mysql server on the authentication tab, remove the default api key mechanism and select \[ add ] in the configure credential window, select the tls certificate drop down option in type and select the provider and mechanism you created select \[ ok ] to finish configuring the credential select \[ ok ] to finish creating the identity