Limitations in the current Encryption Key Manager GUI may prevent it from displaying the
Encryption Key Manager host IP address in the Server Health Monitor:
v If the host is configured with an IPv6 address, the Encryption Key Manager application will not be
able to display the IP address.
v If the Encryption Key Manager application is installed in a Linux system, the Encryption Key
Manager application displays the localhost address and not the actual active IP port.
a. To retrieve the actual IP address of the host system, locate the IP port address by accessing the
network configuration.
v In a Windows system, open a command window and enter ipconfig.
v For Linux enter isconfig.
How to Identify the EKM SSL Port
a. Start the Encryption Key Manager server using the command line.
v On Windows, navigate to cd c:\ekm and click startServer.bat
v On Linux platforms, navigate to /var/ekm and enter startServer.sh
v See "Starting, Refreshing, and Stopping the Key Manager Server" in the Dell Encryption Key
Manager User's Guide for more information.
b. Start the CLI client using the command line.
v On Windows, navigate to cd c:\ekm and click startClient.bat
v On Linux platforms, navigate to /var/ekm and enter startClient.sh
v See "Starting the Command Line Interface Client" in the Dell Encryption Key Manager User's
Guide for more information.
c. Login to a CLI client on the Encryption Key Manager server using the following command:
login –ekmuser userID –ekmpassword password
where userID = EKMAdmin and password = changeME (This is the default Password. If you
previously changed the default password use your new password.)
Once login is successful User successfully logged in is displayed.
d. Identify the SSL port by entering the following command:
status
The displayed response should be similar to this: server is running. TCP port: 3801, SSL port:
443.
Make a note of the SSL configured port and ensure it is the port used to configure your
library-managed encryption settings.
e. Logout from the command line. Enter the following command:
exit
Close the command window.
Method 2: Set up Encryption Key Manager Using Commands
Step 1. Create a JCEKS Keystore
CAUTION: It is highly recommended that a copy of the Encryption Key Manager and all associated files
be made on a regular basis. If Encryption Key Manager encryption keys are lost or corrupted, there is no
method of recovering the encrypted data.
Create a keystore and populate it with a certificate and private key. The certificate is used to secure
communications between Encryption Key Manager Servers and with the Encryption Key Manager CLI
Client. This keytool command creates a new JCEKS keystore called EKMKeys.jck and populates it with a
certificate and private key with the alias of ekmcert. This certificate is valid for 5 years. When this
5
페이지 인쇄