Creating KMIP Server User Accounts

Each client that you want to connect to the KeyControl KMIP server must have a user certificate, a user key, and a server certificate. To obtain this information, create a user account for the client and download the certificate bundle.

We recommend that you create a separate user account for each client for tracking purposes, but that is not required. Because all KMIP users can see all KMIP objects, you could use the same account for all clients.

Note: If you are creating a KMIP user account to use with VMware vSphere Encryption, see Creating a User for VMware Encryption.

  1. Log in to the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
  2. In the top menu bar, click KMIP.
  3. On the Basic tab, make sure that the state is set to Enabled. The server must be enabled before you can add user accounts.
  4. Click the Users tab.
  5. Select Actions > Create User.
  6. In the Create a New User dialog box, specify the options you want to use.

  7. Select the user you just created.
  8. Select Actions > Download Certificate. The webGUI downloads <username_datetimestamp>.zip, which contains a user certificate/key file called <username>.pem and a server certificate file called cacert.pem.
  9. Upload the certificates on the KMIP client. You can now use standard API calls to interact with the KMIP server.
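
Before uploading the files in step 9, you can confirm that the bundle has the contents described in step 8 and that the file holding the user key is written with owner-only permissions. The Python example below is an added example, not part of KeyControl; the function names and the constructed sample bundle (user kmipclient01, placeholder PEM bodies) are assumptions for illustration.

```python
import io, os, re, zipfile

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def check_bundle(zip_source):
    """Return (files, problems) for a <username_datetimestamp>.zip bundle."""
    problems, files = [], {}
    with zipfile.ZipFile(zip_source) as zf:
        for name in zf.namelist():
            if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
                problems.append(f"unsafe member path: {name}")
            elif name.lower().endswith(".pem"):
                files[os.path.basename(name)] = zf.read(name)
    labels = {n: set(PEM_LABEL.findall(d.decode("ascii", "replace"))) for n, d in files.items()}
    if "CERTIFICATE" not in labels.get("cacert.pem", set()):
        problems.append("cacert.pem missing or holds no certificate")
    if any("PRIVATE KEY" in l for l in labels.get("cacert.pem", set())):
        problems.append("cacert.pem unexpectedly holds a private key")
    users = [n for n in files if n != "cacert.pem"]
    if len(users) != 1:
        problems.append(f"expected one <username>.pem, found {len(users)}")
    for n in users:
        if "CERTIFICATE" not in labels[n]:
            problems.append(f"{n}: no user certificate")
        if not any("PRIVATE KEY" in l for l in labels[n]):
            problems.append(f"{n}: no user key")
    return files, problems

def install_bundle(zip_source, dest_dir):
    """Write the PEM files; the file holding the user key is owner-only."""
    files, problems = check_bundle(zip_source)
    if problems:
        raise ValueError("; ".join(problems))
    for name, data in files.items():
        mode = 0o644 if name == "cacert.pem" else 0o600
        # O_EXCL refuses to overwrite an existing file that may have looser permissions.
        fd = os.open(os.path.join(dest_dir, name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    return sorted(files)

def sample_bundle(with_key=True):
    """Constructed stand-in for a downloaded bundle; PEM bodies are placeholders."""
    block = lambda label: f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"
    user = block("CERTIFICATE") + (block("PRIVATE KEY") if with_key else "")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("kmipclient01.pem", user)
        zf.writestr("cacert.pem", block("CERTIFICATE"))
    buf.seek(0)
    return buf
```

check_bundle also accepts the path of a real downloaded .zip file. It inspects only the PEM block labels, so it confirms the bundle layout but does not validate the certificates themselves.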