Configuring IIAS with ISKLM

If you want to configure the ISKLM information on the IIAS appliance, work with the IIAS platform administrator to perform the following steps.

Before you begin

After the ISKLM administrator has created a device group for IIAS in the ISKLM server, make sure that you have the following information:
  • The server certificate in .pem format from the ISKLM server.
  • The device group name created on the ISKLM server.
  • The ISKLM IP address and KMIP port value.

To configure the ISKLM information on the IIAS appliance, the IIAS platform administrator must perform the steps below.

Procedure

  1. Log in as apuser or equivalent.
  2. Run the command:
    apsedsklm configure --url <protocol://ip address:port> --servercert <server certificate path> --devgrp <device-group> 
    where protocol is either tls or http, ip address is the SKLM IP address, port is the KMIP port of SKLM, server certificate path is the location on the IIAS where the SKLM server certificate was downloaded, and device-group is the device group created for this IIAS by the ISKLM administrator.
    Example:
    [apuser@node0101]# apsedsklm configure --url tls://9.30.220.247:5696 --devgrp IIAS_GROUP_TEST --servercert /tmp/ssl/server_cert_export.cer
    Creating Client Key and Certificate..
    Successfully Created Client Key and Certificate.
    Configuring Client Parameters.
    sedsupport.cfg.json File already exists in /var/lib/sedsupport.. Rewriting the Configuration.
    Successfully Configured SKLM Client Parameters..
    Please find log at /var/log/appliance/platform/sedsupport/apsedsklm_20190303222531.log
  3. After the command runs successfully, it creates a client certificate that must be uploaded to the ISKLM server with the help of the ISKLM administrator.
  4. After the client certificate is uploaded to ISKLM successfully, you can delete the file from the IIAS.
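
The inputs to step 2 can be checked before the command is run. The following script is an added example, not part of apsedsklm or the product documentation, and its function names are hypothetical: it validates the --url form, rejects a server certificate that is not PEM (for example a DER-encoded file), and prints the certificate's SHA-256 fingerprint for comparison with the ISKLM administrator's copy.

```sh
#!/bin/sh
# Added example: pre-flight checks for the inputs to `apsedsklm configure`.
# Function names are hypothetical; nothing here is part of apsedsklm.

# check_url URL: accept protocol://ip:port with protocol tls or http,
# and print "protocol host port" on success.
check_url() (
  url=$1
  proto=${url%%://*}
  rest=${url#*://}
  [ "$proto" != "$url" ] || exit 1                     # no "://" separator
  case $proto in tls|http) ;; *) exit 1 ;; esac
  host=${rest%:*}
  port=${rest##*:}
  [ "$host" != "$rest" ] && [ -n "$host" ] || exit 1   # missing ":port"
  case $port in ''|*[!0-9]*) exit 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || exit 1
  printf '%s %s %s\n' "$proto" "$host" "$port"
)

# check_pem FILE: the file must carry PEM certificate armor and, when
# openssl is installed, parse as X.509 and not be expired.
check_pem() (
  [ -r "$1" ] || exit 1
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || exit 1
  grep -q -e '-----END CERTIFICATE-----' "$1" || exit 1
  command -v openssl >/dev/null 2>&1 || exit 0
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
)

# preflight URL CERT DEVGRP: run both checks, show the fingerprint to
# compare with the ISKLM administrator, then print the command to run.
preflight() (
  check_url "$1" >/dev/null || { echo "bad --url: $1" >&2; exit 1; }
  check_pem "$2" || { echo "not a valid PEM certificate: $2" >&2; exit 1; }
  [ -n "$3" ] || { echo "empty device group" >&2; exit 1; }
  if command -v openssl >/dev/null 2>&1; then
    openssl x509 -in "$2" -noout -subject -enddate -fingerprint -sha256
  fi
  echo "apsedsklm configure --url $1 --servercert $2 --devgrp $3"
)

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it with the same three values that will be passed to apsedsklm configure, in the order URL, certificate path, device group.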