Step 4: Create the KMIP User for the Cluster

Describes how to create a KMIP user on the data-fabric cluster to store SafeNet KeySecure credentials.

You need to create the KMIP user for the data-fabric cluster. To do this:

  1. Navigate to Local Authentication > Local Users & Groups and then click Add in the Local Users section.
    NOTE: The user name must match the common name (CN) in your client certificate for KMIP certificate authentication to succeed. In this example, the CN for the client certificate is safenetclient1, so the user name must also be safenetclient1.


  2. Enter the password for the user. This is required when creating a user, but is not used for KMIP, as authentication is performed using certificate authentication. You do not need to check the User Administration Permission and Change Password Permission boxes, as these are not used for KMIP.
  3. Click Save to create the user. The newly created user is added to the Local Users listing, as shown in the following example:


At the end of this phase, you should have the following files that are needed to set up your data-fabric KMIP client, in addition to the list of IP addresses and port number of the key management appliances:
  • The CA used to sign the client certificate. This is the local CA that is downloaded from the Gemalto SafeNet KeySecure Key Manager.
  • The signed client certificate that was signed by the KeySecure local CA and downloaded from the KeySecure appliance.
  • The client private key which was generated using OpenSSL.
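
Before continuing, you can confirm that the three files agree with each other and with the KMIP user name. The following script is an added example, not part of the original procedure or of the data-fabric tooling: the function names and the file names ca.pem, client.pem and client.key are assumptions, and the demo generates throwaway constructed files rather than using real KeySecure material.

```shell
#!/bin/sh
# Added example: sanity-check the KMIP client files with OpenSSL.
# Usage: check_kmip_client_files <ca> <client-cert> <client-key> <kmip-user>
check_kmip_client_files() {
  ca=$1 cert=$2 key=$3 user=$4
  # 1. The client certificate must chain to the KeySecure local CA.
  openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
    { echo "FAIL: $cert is not signed by $ca" >&2; return 1; }
  # 2. The certificate CN must equal the KMIP local user name.
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= //p')
  [ "$cn" = "$user" ] ||
    { echo "FAIL: CN '$cn' does not match user '$user'" >&2; return 2; }
  # 3. The private key must be the one the certificate was issued for.
  #    An empty -passin keeps OpenSSL from prompting on an encrypted key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: $key does not match $cert" >&2; return 3; }
  echo "OK: CA, certificate, key and user '$user' are consistent"
}

# Constructed sample material only: a throwaway CA plus a client
# certificate with the given CN, written to directory $1.
make_constructed_files() {
  d=$1 cn=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Local CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -days 1 -CAcreateserial \
    -CA "$d/ca.pem" -CAkey "$d/ca.key" -out "$d/client.pem" 2>/dev/null
}

# Demo: a matching user name passes, a different one is rejected.
tmp=$(mktemp -d)
make_constructed_files "$tmp" safenetclient1
check_kmip_client_files "$tmp/ca.pem" "$tmp/client.pem" "$tmp/client.key" safenetclient1
check_kmip_client_files "$tmp/ca.pem" "$tmp/client.pem" "$tmp/client.key" safenetclient2 ||
  echo "user name mismatch detected"
rm -rf "$tmp"
```

The function returns 1, 2 or 3 for a CA, user name or private key mismatch respectively, so it can gate a setup script.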

Continue the setup on the data-fabric CLDB node using the configure.sh script with the HSM parameters, or the mrhsm Commands.