Creating a Certificate Bundle for VMware Encryption

To establish a trusted, mutually authenticated TLS connection between the HyTrust KeyControl KMIP server and vSphere, you must provide vSphere with a client certificate and its private key, both generated by the KMIP server.

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
  2. In the top menu bar, click KMIP.
  3. Click the Client Certificates tab.
  4. Select Actions > Create Certificate.
  5. In the Create a New Client Certificate dialog box:

    1. Enter a name in the Certificate Name field.
    2. Set the date on which you want the certificate to expire in the Certificate Expiration field. If the certificate expires, communication between vSphere and KeyControl is disrupted until a new certificate is created in KeyControl and uploaded to vSphere; encrypted VMs that are already powered on keep running, but operations that need a key from the KMS (such as powering on or creating an encrypted VM) fail.

      Important: Leave the password field empty. vSphere cannot import a password-protected (encrypted) private key, so the certificate bundle must be created without a password.

      The following example creates a certificate bundle called KMIPvSphereCert with a certificate expiration date of December 31, 2019.

    3. Click Create.
  6. Select the certificate you just created. (KeyControl uses the Certificate Name as the KMIP user name, which is why the downloaded files are named after it.)
  7. Select Actions > Download Certificate. The webGUI downloads <username_datetimestamp>.zip, which contains a client certificate and private key file called <username>.pem and the KeyControl server CA certificate file called cacert.pem.
  8. Unzip the file so that you have the <username>.pem file available to upload into vCenter, as described in Creating the KMS Cluster in vSphere. vSphere does not require the cacert.pem file.
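Before uploading the bundle to vCenter, it is worth checking that it really meets the requirements above: that <username>.pem contains both a certificate and an unencrypted private key, that the certificate has not expired (and is not about to), that it chains to the cacert.pem shipped in the same zip, and that the key actually belongs to the certificate. The shell script below is an added example written for this page, not a HyTrust or VMware tool; it assumes only that the openssl command-line tool is installed and that you have already unzipped the bundle. The file names and the 30-day warning window are assumptions chosen for the example.

```shell
#!/bin/sh
# check_kmip_bundle <username>.pem cacert.pem
# Added example (not HyTrust/VMware code): sanity-check a KeyControl client
# certificate bundle before it is uploaded to vCenter.
check_kmip_bundle() {
  pem=$1   # client certificate + private key file from the zip
  ca=$2    # KeyControl server CA certificate from the same zip

  # 1. The file must carry both a certificate and a private key block.
  grep -q 'BEGIN CERTIFICATE' "$pem" || { echo "FAIL: no certificate in $pem"; return 1; }
  grep -q 'PRIVATE KEY' "$pem"       || { echo "FAIL: no private key in $pem"; return 1; }

  # 2. vSphere cannot import a password-protected key. Both PKCS#8
  #    ("ENCRYPTED PRIVATE KEY") and legacy ("Proc-Type: 4,ENCRYPTED")
  #    PEM encodings mark encryption with the word ENCRYPTED.
  if grep -q 'ENCRYPTED' "$pem"; then
    echo "FAIL: private key in $pem is password-protected; create the bundle without a password"
    return 1
  fi

  # 3. Expiry: -checkend 0 fails if the certificate is already expired;
  #    a 30-day window (assumed for this example) gives an early warning.
  openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate in $pem has expired"; return 1; }
  openssl x509 -in "$pem" -noout -checkend 2592000 >/dev/null 2>&1 \
    || echo "WARN: certificate in $pem expires within 30 days"

  # 4. The client certificate must chain to the KeyControl CA. Extract the
  #    certificate first so the private key block is not fed to verify.
  openssl x509 -in "$pem" 2>/dev/null | openssl verify -CAfile "$ca" >/dev/null 2>&1 \
    || { echo "FAIL: certificate in $pem does not chain to $ca"; return 1; }

  # 5. The private key must match the certificate: compare the public keys.
  certpub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
  keypub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
  [ -n "$certpub" ] && [ "$certpub" = "$keypub" ] \
    || { echo "FAIL: private key in $pem does not match its certificate"; return 1; }

  echo "OK: $(openssl x509 -in "$pem" -noout -subject -enddate | tr '\n' ' ')"
  return 0
}

# Run directly: sh check_kmip_bundle.sh KMIPvSphereCert.pem cacert.pem
if [ "$#" -eq 2 ]; then
  check_kmip_bundle "$1" "$2"
fi
```

The script exits non-zero on the first failed check and prints why, so it can be dropped into a change checklist; the expiry warning is advisory only, because a certificate that is still valid will upload fine but should be rotated before KeyControl and vSphere stop talking.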

What to Do Next 

Create the KMS cluster in vSphere as described in Creating the KMS Cluster in vSphere.