Skip to main content
NetApp Knowledge Base

NSE: How to unconfigure the external key management before upgrading to Data ONTAP 9.3 or later

Views:
1,249
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • NetApp Storage Encryption (NSE)
  • Key Management Interoperability Protocol (KMIP)
  • ONTAP 9.2 and earlier Upgrading to ONTAP 9.3 or later

Description

This article describes the procedure to upgrade a NSE system using an external key management (KMIP) server to ONTAP 9.3 or later.

  • A new KMIP client has been released in the ONTAP 9.3 code (KMIP2).
  • Keys that were created/stored using a KMIP1 client in pre-ONTAP 9.3 releases cannot be retrieved using the new KMIP2 client.
  • For more information, see the ONTAP 9.3 Release Notes.

Page 25:
Important: If you are upgrading to ONTAP 9.3 from a previous version, you must delete any existing KMIP server connections using the security key-manager delete-kmip-config command before upgrading, then reconfigure the KMIP server connections using the security key-manager setup command after the upgrade is completed.”

  • The following error message may be seen when upgrading a NSE system with external KMIP to ONTAP 9.3:

Error: External key management is configured on the cluster.
       Please unconfigure the external key management before
       upgrading to Data ONTAP 9.3.
       To unconfigure, run the command:
       "security key-manager delete-kmip-config"
ERROR: external keymanager check failed.
Install Failed.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device