Import TLS certificates into TrueNAS and configure KMIP

this section shows how to import the truenas tls certificate created in the previous section into truenas, along with the ca certificate that issued the tls certificates for both truenas and the kmip server connection pair on the {{k3}} before doing so, you must extract the certificates and private key from the pkcs #12 file exported from {{k3}} by using openssl extract the pkcs #12 file perform the following steps to extract the pkcs #12 file open a terminal application with openssl installed go to the directory where the pkcs #12 file is saved run the following openssl command to extract the certificates and private key from the pkcs #12 file and save them to a new file openssl pkcs12 in tree p12 out tree pem nodes when prompted, enter the password that was specified when you exported the pkcs #12 file from the {{k}} open the output file (for example, tree pem ) to view the truenas certificate, its associated private key, and the ca certificate that issued both the truenas certificate and the kmip server connection pair certificate then, copy and paste them into the truenas web interface in the next section import the ca certificate perform the following steps to import the ca certificate log in to the truenas web interface go to system > cas and select \[ add ] in the type drop down menu, select import ca enter a memorable name for the ca and paste the ca certificate extracted from the pkcs #12 file into the certificate field leave the private key and passphrase fields empty, and select \[ submit ] import the certificate perform the following steps to import the truenas certificate log in to the truenas web interface go to system > certificates and select \[ add ] in the type drop down menu, select import certificate enter a memorable name for the certificate and paste the truenas certificate and private key extracted from the pkcs #12 file into the appropriate fields leave the passphrase field empty and select \[ submit ] configure kmip perform the following steps to configure kmip in truenas log in to the truenas web interface go to system > kmip to complete the configuration enter the {{k3}} ip address or hostname and the default kmip connection port, 5696 select the certificate and certificate authority imported in the previous section to check that the certificate and ca chain are correct, check the validate connection box and select \[ save ] when you verify the certificate chain, choose the encryption values, sed passwords, or zfs data pool encryption keys to move to the kmes series 3 set enabled to move the passwords and keys immediately after selecting \[ save ] refresh the kmip page to see the current kmip key status you should see synced displayed to cancel a pending key synchronization, set force clear and select \[ save ]