Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager Quick - Page 5

Method 2: Set up Encryption Key Manager Using Commands, Step 1. Create a JCEKS Keystore - user password

Get Dell PowerVault TL4000 PDF manuals and user guides View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 5 highlights

Limitations in the current Encryption Key Manager GUI may prevent it from displaying the Encryption Key Manager host IP address in the Server Health Monitor: v If the host is configured with an IPv6 address, the Encryption Key Manager application will not be able to display the IP address. v If the Encryption Key Manager application is installed in a Linux system, the Encryption Key Manager application displays the localhost address and not the actual active IP port. a. To retrieve the actual IP address of the host system, locate the IP port address by accessing the network configuration. v In a Windows system, open a command window and enter ipconfig. v For Linux enter isconfig. How to Identify the EKM SSL Port a. Start the Encryption Key Manager server using the command line. v On Windows, navigate to cd c:\ekm and click startServer.bat v On Linux platforms, navigate to /var/ekm and enter startServer.sh v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key Manager User's Guide for more information. b. Start the CLI client using the command line. v On Windows, navigate to cd c:\ekm and click startClient.bat v On Linux platforms, navigate to /var/ekm and enter startClient.sh v See "Starting the Command Line Interface Client" in the Dell Encryption Key Manager User's Guide for more information. c. Login to a CLI client on the Encryption Key Manager server using the following command: login -ekmuser userID -ekmpassword password where userID = EKMAdmin and password = changeME (This is the default Password. If you previously changed the default password use your new password.) Once login is successful User successfully logged in is displayed. d. Identify the SSL port by entering the following command: status The displayed response should be similar to this: server is running. TCP port: 3801, SSL port: 443. Make a note of the SSL configured port and ensure it is the port used to configure your library-managed encryption settings. e. Logout from the command line. Enter the following command: exit Close the command window. Method 2: Set up Encryption Key Manager Using Commands Step 1. Create a JCEKS Keystore CAUTION: It is highly recommended that a copy of the Encryption Key Manager and all associated files be made on a regular basis. If Encryption Key Manager encryption keys are lost or corrupted, there is no method of recovering the encrypted data. Create a keystore and populate it with a certificate and private key. The certificate is used to secure communications between Encryption Key Manager Servers and with the Encryption Key Manager CLI Client. This keytool command creates a new JCEKS keystore called EKMKeys.jck and populates it with a certificate and private key with the alias of ekmcert. This certificate is valid for 5 years. When this 5

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
Limitations in the current Encryption Key Manager GUI may prevent it from displaying the
Encryption Key Manager host IP address in the Server Health Monitor:
v
If the host is configured with an IPv6 address, the Encryption Key Manager application will not be
able to display the IP address.
v
If the Encryption Key Manager application is installed in a Linux system, the Encryption Key
Manager application displays the localhost address and not the actual active IP port.
a.
To retrieve the actual IP address of the host system, locate the IP port address by accessing the
network configuration.
v
In a Windows system, open a command window and enter
ipconfig
.
v
For Linux enter
isconfig
.
How to Identify the EKM SSL Port
a.
Start the Encryption Key Manager server using the command line.
v
On Windows, navigate to cd
c:\ekm
and click
startServer.bat
v
On Linux platforms, navigate to
/var/ekm
and enter
startServer.sh
v
See “Starting, Refreshing, and Stopping the Key Manager Server” in the
Dell Encryption Key
Manager User's Guide
for more information.
b.
Start the CLI client using the command line.
v
On Windows, navigate to cd
c:\ekm
and click
startClient.bat
v
On Linux platforms, navigate to
/var/ekm
and enter
startClient.sh
v
See “Starting the Command Line Interface Client” in the
Dell Encryption Key Manager User's
Guide
for more information.
c.
Login to a CLI client on the Encryption Key Manager server using the following command:
login –ekmuser
userID
–ekmpassword
password
where
userID
= EKMAdmin and
password
= changeME (This is the default Password. If you
previously changed the default password use your new password.)
Once login is successful
User successfully logged in
is displayed.
d.
Identify the SSL port by entering the following command:
status
The displayed response should be similar to this:
server is running. TCP port: 3801, SSL port:
443
.
Make a note of the SSL configured port and ensure it is the port used to configure your
library-managed encryption settings.
e.
Logout from the command line. Enter the following command:
exit
Close the command window.
Method 2: Set up Encryption Key Manager Using Commands
Step 1. Create a JCEKS Keystore
CAUTION:
It is highly recommended that a copy of the Encryption Key Manager and all associated files
be made on a regular basis. If Encryption Key Manager encryption keys are lost or corrupted, there is no
method of recovering the encrypted data.
Create a keystore and populate it with a certificate and private key. The certificate is used to secure
communications between Encryption Key Manager Servers and with the Encryption Key Manager CLI
Client. This
keytool
command creates a new JCEKS keystore called EKMKeys.jck and populates it with a
certificate and private key with the alias of ekmcert. This certificate is valid for 5 years. When this
5