Test a connection from the client to the KMES Series 3
The process for configuring and testing certificates on the client side varies between the different types of applications connecting to the with KMIP. However, you can use the following OpenSSL commands to confirm that the KMIP client certificate enables a successful connection to the KMIP port on the .
Perform the following steps to test the connection, based on your use case:
If you used the as the CA that signed the KMIP client certificate, then you must extract the client certificate, private key, and root CA certificate from the PKCS #12 file before connecting. If you used an external CA to sign the client certificate, run the following OpenSSL command to test connection and authentication to the :
Adjust the IP address of the and the file names in the preceding command to your specific situation.
If you used the as a CA to sign the KMIP client certificate, run the following OpenSSL command to first extract the contents of the PKCS #12 file:
Open the pkcs12.pem file that was output from the previous command. Then, copy the signed client certificate, private key, and root CA certificate to individual files for use in the next command.
Run the following OpenSSL command to test the connection to the :
If the SSL handshake is successful, then you configured the certificates correctly on the .
If you used the TLS certificate to authenticate, the attempts to authenticate the KMIP client immediately after establishing the connection. If the Common Name of the TLS certificate matches the name of a user with the signing CA of that TLS certificate registered, the authentication is successful and the KMIP client may perform any of the actions that are enabled for that user on the .
The process for authenticating with username and password on the client side is specific to each KMIP client.