Test a connection from the client to the KMES Series 3

1min

the process for configuring and testing certificates on the client side varies between the different types of applications connecting to the {{k3}} with kmip however, you can use the following openssl commands to confirm that the kmip client certificate enables a successful connection to the kmip port on the {{k3}} perform the following steps to test the connection, based on your use case if you used the {{k}} as the ca that signed the kmip client certificate, then you must extract the client certificate, private key, and root ca certificate from the pkcs #12 file before connecting if you used an external ca to sign the client certificate, run the following openssl command to test connection and authentication to the {{k3}} openssl s client connect 10 0 5 197 5696 cafile root pem cert signed client cert pem key sslclient privatekey pem adjust the ip address of the {{k3}} and the file names in the preceding command to your specific situation if you used the {{k}} as a ca to sign the kmip client certificate, run the following openssl command to first extract the contents of the pkcs #12 file openssl pkcs12 in export pkcs12 p12 out pkcs12 pem nodes open the pkcs12 pem file that was output from the previous command then, copy the signed client certificate, private key, and root ca certificate to individual files for use in the next command run the following openssl command to test the connection to the {{k3}} openssl s client connect 10 0 5 197 5696 cafile root pem cert signed client cert pem key sslclient privatekey pem if the ssl handshake is successful, then you have configured the certificates correctly on the {{k3}} if you used the tls certificate to authenticate, the {{k3}} attempts to authenticate the kmip client immediately after establishing the connection if the common name of the tls certificate matches the name of a {{k}} user with the signing ca of that tls certificate registered, the authentication is successful, and the kmip client might perform any of the actions that are enabled for that user on the {{k}} the process for authenticating with username and password on the client side is specific to each kmip client

Before you start

Configure TLS Certificates for the connection between the KMIP client and the KMES Series 3