If you want to configure the ISKLM information on the IIAS appliance, work with the IIAS
platform administrator to perform the following steps.
Before you begin
After the ISKLM administrator has created a device group for IIAS in the ISKLM server, make sure
that you have the following information:
- The Server certificate in
.pem
format from the ISKLM server.
- The device group name created on the ISKLM server.
- The ISKLM IP address and KMIP port value.
To configure the ISKLM information on the IIAS appliance, the IIAS platform administrator must
perform the steps below.
Procedure
-
Log in as
apuser
or equivalent.
-
Run the command
apsedsklm configure --url <protocol://ip address:port> --servercert <server certificate path> --devgrp <device-group>
where
protocol is either
tls
or
http
,
ip
address is the SKLM IP address and
port number is the KMIP port of
SKLM,
server certificate path is the downloaded location of the SKLM server
certificate in the IIAS and
device-group is the device group created for this
IIAS by the ISKLM administrator.
Example:
[apuser@node0101]# apsedsklm configure --url tls://9.30.220.247:5696 --devgrp IIAS_GROUP_TEST --servercert /tmp/ssl/server_cert_export.cer
Creating Client Key and Certificate..
Successfully Created Client Key and Certificate.
Configuring Client Parameters.
sedsupport.cfg.json File already exists in /var/lib/sedsupport.. Rewriting the Configuration.
Successfully Configured SKLM Client Parameters..
Please find log at /var/log/appliance/platform/sedsupport/apsedsklm_20190303222531.log
-
Once the command runs successfully, it will create a client certificate that needs to be
uploaded into the ISKLM server with the help of ISKLM administrator.
-
After the successful upload to ISKLM, you can delete this file from IIAS.