Creating KMIP Server User Accounts

Each client that you want to connect to the KeyControl KMIP server must have a user certificate, a user key, and a server certificate. To obtain this information, create a user account for the client and download the certificate bundle.

We recommend that you create a separate user account for each client for tracking purposes, but that is not required. Because all KMIP users can see all KMIP objects, you could use the same account for all clients.

Note: If you are creating a KMIP user account to use with VMware vSphere Encryption, see Creating a User for VMware Encryption.

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
  2. In the top menu bar, click KMIP.
  3. On the Basic tab, make sure that the state is set to Enabled. The server must be enabled before you can add user accounts.
  4. Click the Users tab.
  5. Select Actions > Create User.
  6. In the Create a New User dialog box, enter the following information:

    Username: The username associated with this account. If you are going to create multiple KMIP accounts, this name should be descriptive enough that you can tell the KMIP clients apart.
    The username can contain only alphanumeric characters and it must start with a letter. You cannot include any special characters or spaces. The username cannot be changed after the account is created.

    Cert Expiration: The date on which the certificate will expire. If the certificate expires, communication between the KeyControl KMIP server and the client will be disrupted until a new certificate is uploaded to the client.

    Password/Confirm Password: An optional password associated with this user account.
    Whether the account needs a password depends on the way your security is configured and the type of implementation you are using. In most cases, the user certificate/key and server certificate files should be sufficient security.
    In other cases, such as the KeyControl integration with VMware vSphere Encryption, you cannot specify a user password due to limitations with vSphere.

  7. Select the user you just created.
  8. Select Actions > Download Certificate. The webGUI downloads <username_datetimestamp>.zip, which contains a user certificate/key file called <username>.pem and a server certificate file called cacert.pem.
  9. Upload the certificates on the KMIP client. You can now use standard API calls to interact with the KMIP server.
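The downloaded bundle gives the client the three inputs it needs (user certificate, user key, server certificate), and the Cert Expiration field determines when that client silently stops working. The following added example, which is not part of the KeyControl documentation or product, splits the two downloaded files into those three parts and reads the notAfter date out of the certificates with a small DER walk so an operator can see how many days remain before the client loses access. It assumes the file contents are passed in as strings; the certificate it tests against is a constructed, unsigned X.509 skeleton built inline (placeholder key bytes included) so the code runs offline, and the function names (unpack_user_bundle, days_until_expiry, make_constructed_cert) are this example's own.

```python
import base64
import re
from datetime import datetime, timezone

# ---- PEM handling ---------------------------------------------------------

_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def split_pem_blocks(text):
    """Return {label: block_text} for every PEM block in text.

    KeyControl ships the client certificate and its private key together in
    <username>.pem; most KMIP clients want them as separate inputs."""
    return {m.group(1): m.group(0) + "\n" for m in _PEM_BLOCK.finditer(text)}


def pem_to_der(pem_block):
    """Decode the base64 body of a single PEM block (line breaks are ignored)."""
    return base64.b64decode(_PEM_BLOCK.search(pem_block).group(2))


def unpack_user_bundle(user_pem, cacert_pem):
    """Split <username>.pem and cacert.pem into the three inputs a KMIP client needs."""
    user = split_pem_blocks(user_pem)
    parts = {
        "cert": user.get("CERTIFICATE"),
        "key": next((v for k, v in user.items() if k.endswith("PRIVATE KEY")), None),
        "ca": split_pem_blocks(cacert_pem).get("CERTIFICATE"),
    }
    missing = [name for name, value in parts.items() if value is None]
    if missing:
        raise ValueError("bundle is incomplete, missing: " + ", ".join(missing))
    return parts

# ---- Minimal DER walk to reach the certificate's Validity -----------------

def _read_tlv(buf, pos):
    """Decode one DER TLV at pos -> (tag, value, next_pos); single-byte tags only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(der):
    pos = 0
    while pos < len(der):
        tag, value, pos = _read_tlv(der, pos)
        yield tag, value


def _parse_time(tag, value):
    text = value.decode("ascii")
    if tag == 0x17:                                     # UTCTime YYMMDDHHMMSSZ, RFC 5280 pivot at 50
        yy = int(text[:2])
        text = f"{yy + (2000 if yy < 50 else 1900)}{text[2:]}"
    elif tag != 0x18:                                   # GeneralizedTime YYYYMMDDHHMMSSZ
        raise ValueError(f"unexpected Time tag 0x{tag:02x}")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def certificate_validity(cert_der):
    """Return (notBefore, notAfter) from an X.509 DER certificate."""
    _, certificate, _ = _read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(certificate, 0)               # tbsCertificate ::= SEQUENCE
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:                            # optional EXPLICIT [0] version
        fields.pop(0)
    validity = fields[3][1]                             # serialNumber, signature, issuer, validity, ...
    not_before, not_after = (_parse_time(t, v) for t, v in _children(validity))
    return not_before, not_after


def days_until_expiry(cert_pem, now=None):
    """Whole days until notAfter; negative means the client is already cut off."""
    now = now or datetime.now(timezone.utc)
    return (certificate_validity(pem_to_der(cert_pem))[1] - now).days

# ---- Constructed demo material (NOT a real KeyControl certificate or key) --

def _der(tag, content):
    n = len(content)
    if n < 128:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def make_constructed_cert(not_before, not_after):
    """Build an unsigned X.509 skeleton with the given validity, for offline demos only."""
    utc = lambda d: _der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    sha256_rsa = _der(0x30, _der(0x06, bytes.fromhex("2A864886F70D01010B")))  # sha256WithRSAEncryption
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + sha256_rsa
               + _der(0x30, b"") + _der(0x30, utc(not_before) + utc(not_after))
               + _der(0x30, b"") + _der(0x30, b""))     # empty issuer/subject/SPKI placeholders
    cert = _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.encodebytes(cert).decode()}-----END CERTIFICATE-----\n"


CONSTRUCTED_KEY_PEM = ("-----BEGIN PRIVATE KEY-----\n"
                       "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIga2V5IGJ5dGVz\n"   # placeholder, not a key
                       "-----END PRIVATE KEY-----\n")


def demo():
    """Run the bundle check on constructed material with a fixed clock."""
    start = datetime(2025, 1, 1, tzinfo=timezone.utc)
    user_pem = make_constructed_cert(start, datetime(2030, 1, 1, tzinfo=timezone.utc)) + CONSTRUCTED_KEY_PEM
    cacert_pem = make_constructed_cert(start, datetime(2035, 1, 1, tzinfo=timezone.utc))
    parts = unpack_user_bundle(user_pem, cacert_pem)
    now = datetime(2029, 12, 1, tzinfo=timezone.utc)
    return {"parts": parts,
            "user_days_left": days_until_expiry(parts["cert"], now),
            "ca_days_left": days_until_expiry(parts["ca"], now)}


if __name__ == "__main__":
    result = demo()
    print("client cert days left:", result["user_days_left"], "| CA cert days left:", result["ca_days_left"])
```

For a real bundle, read <username>.pem and cacert.pem from the downloaded zip and pass their contents to unpack_user_bundle; the DER walk above only locates the Validity field, so use a full X.509 library (for example OpenSSL) when you also need to verify the chain or the key/certificate match.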