This section describes how to manage DSM domains and keys using CCKM APIs.
Before you can use a DSM as a key source in CCKM:
The DSM must be installed and configured and the DSM server certificate must be downloaded.
A connection to the DSM must be configured on the CipherTrust Manager.
Refer to the sections below.
On the DSM
For any DSM you plan to use as key source, a DSM administrator must:
Install and configure a DSM. Refer to the latest version of the DSM Administration Guide.
When adding a connection to the DSM on the CipherTrust Manager, you need to enter the DSM account information you gather during the installation and configuration of the DSM.
Create a DSM administrator account of type All or Domain and Security Administrator for CCKM. These administrators can create keys on the DSM.
Note the following information:
DSM fully-qualified host name and IP address.
Name and password of the DSM administrator created in previous step.
CCKM performs key operations through REST APIs exposed in the DSM. CCKM requires the DSM server certificate to invoke the APIs. When adding connection to the DSM as your key source, you need to upload the DSM certificate to the CipherTrust Manager.
The steps to export a DSM server certificate using other browsers (for example, Firefox) may differ slightly.
To export your DSM server certificate from DSM using the Chrome browser:
https://<DSM IP address>in a browser. The DSM user login page is displayed.
Log on to the web-based management console of the DSM.
In the web URL, click the Not Secure section and click View Certificate.
Click the Details tab of the certificate.
Click Copy to File. The Certificate Export Wizard is displayed. This wizard is used to export your certificate in the appropriate format.
On the Export File Format page, select the Base-64 encoded X.509 (.CER) format option.
On the File to Export page, enter the directory to which to save the file on your laptop or desktop and specify the file name (for example,
Click Finish to complete the export.
You need to upload this DSM server certificate to the DSM Connection page of the CipherTrust Manager when adding a connection to the DSM as your key source.
On the CipherTrust Manager
After the DSM is configured and the DSM certificate is downloaded, a CipherTrust Manager configures the connection to the DSM. Refer to Connection Manager for details.
After ensuring the prerequisites, DSM domains and DSM keys can be managed on the CipherTrust Manager. Refer to the following sections: