Step 4: Create the KMIP User for the Cluster
Describes how to create a KMIP user on the Data Fabric cluster to store SafeNet Key Secure credentials.
You need to create the KMIP user for the Data Fabric cluster. To do this:
- Navigate to the Local Users section, and then click Add.
  NOTE: The user name must match the common name in your client certificate for the KMIP certificate authentication to succeed. In this example, since the CN for the client certificate is safenetclient1, the username must also be safenetclient1.
- Enter the password for the user. This is required when creating a user, but is not used for KMIP, as authentication is performed using certificate authentication. You do not need to check the User Administration Permission and Change Password Permission boxes, as these are not used for KMIP.
- Click Save to create the user. The newly created user is added to the Local Users listing, as shown in the following example:
At the end of this phase, you should have the following files that are needed to set up your Data Fabric KMIP client, in addition to the list of IP addresses and port number of the key management appliances:
- The CA used to sign the client certificate. This is the local CA that is downloaded from the Gemalto SafeNet KeySecure Key Manager.
- The signed client certificate that was signed by the KeySecure local CA and downloaded from the KeySecure appliance.
- The client private key, which was generated using OpenSSL.
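Before moving to the CLDB node, the three files and the user name from the note above can be checked against each other with OpenSSL. This is an added example, not part of the original documentation; the function name, the file names you pass in, and the `KEY_PASS` variable are assumptions.

```bash
#!/usr/bin/env bash
# Pre-flight check for the KMIP client files (added example, not vendor code).
# Assumes PEM-encoded files; KEY_PASS is a hypothetical variable holding the
# key passphrase, left unset for an unencrypted key.
# Usage: check_kmip_client_files <ca.pem> <client-cert.pem> <client-key.pem> <kmip-user>
check_kmip_client_files() {
    local ca=$1 cert=$2 key=$3 user=$4 rc=0 cn cert_pub key_pub

    # 1. The client certificate must chain to the KeySecure local CA.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is not signed by the CA in $ca" >&2
        rc=1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout \
              -passin "pass:${KEY_PASS:-}" 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the public key in $cert" >&2
        rc=1
    fi

    # 3. The certificate CN must equal the local user name exactly,
    #    otherwise KMIP certificate authentication fails.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    if [ "$cn" != "$user" ]; then
        echo "FAIL: certificate CN '$cn' differs from KMIP user '$user'" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: CA, certificate, key and user '$user' are consistent"
    return "$rc"
}

# Run the check when the script is called with its four arguments.
if [ "$#" -eq 4 ]; then
    check_kmip_client_files "$@"
fi
```

All three checks run even when an earlier one fails, so a single pass reports every mismatch.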
Continue the setup on the data-fabric CLDB node using the configure.sh script with the HSM parameters, or the mrhsm Commands.