Open topic with navigation

Creating a User for VMware Encryption

In order to establish a trusted connection between the HyTrust KMIP server and vSphere, you need to provide vSphere with a user certificate and a private key. In order to generate this information, add a new user to the KMIP server and download the associated certificates.

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Security Admin privileges.
  2. In the top menu bar, click KMIP.
  3. Click the Users tab.
  4. Select Actions > Create User.

  5. In the Create a New User dialog box:

    1. Enter a user name in the Username field.

    2. Set the date on which you want the certificate to expire in the Cert Expiration field. If the certificate expires, communication between vSphere and KeyControl will be disrupted until a new certificate is uploaded.

      Important: Do not enter a password for the user. Due to a vSphere limitation, you cannot upload encrypted certificates.

      The following example shows a user called KMIPUser with a certificate expiration date of February 2, 2018.

    3. Click Create.
  6. Select the user you just created.
  7. Select Actions > Download Certificate. The webGUI downloads <username_datetimestamp>.zip, which contains a user certification/key file called <username>.pem and a server certification file called cacert.pem.
  8. Unzip the file so that you have the <username>.pem file available to upload into vCenter, as described in Creating the KMS Cluster in vSphere. vSphere does not require the cacert.pem file.

What to Do Next 

Create the KMS cluster in vSphere as described in Creating the KMS Cluster in vSphere.

Open topic with navigation