Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 7 results
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_rotate_data_authentication_keys_on_a_FIPS_drive_or_SED
      Onboard Key Manager (OKM) At times, it may be desirable to rotate data authentication keys on a FIPS drive or SED. The process of rotating keys in an NSE environment depends on whether you are using a...Onboard Key Manager (OKM) At times, it may be desirable to rotate data authentication keys on a FIPS drive or SED. The process of rotating keys in an NSE environment depends on whether you are using an External Key Manager (using KMIP) or the OKM. External Key Managers require generating a new authentication key (AK) before assigning new authentication keys to the drives. OKM does not support generating new authentication keys without deleting and recreating the OKM configuration on the cluster.
    • https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/External_key_management_server_is_not_available_for_vserver
      Applies to HashiCorp Vault External key management Issue HashiCorp External key management became unavailable during a certificate replacement. km.keyserver.notavailable: The external key management s...Applies to HashiCorp Vault External key management Issue HashiCorp External key management became unavailable during a certificate replacement. km.keyserver.notavailable: The external key management server is not available for Vserver "vserver", status: "unknown"
    • https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/Gemalto_SafeNet_KeySecure_k250_appliance_not-responding
      Node Port Registered Key Manager Status ---------------------- ------ --------------------------- --------------- Cluster-01 5696 172.x.x.2 not-responding Cluster-01 5696 172.x.x.4 available Cluster-0...Node Port Registered Key Manager Status ---------------------- ------ --------------------------- --------------- Cluster-01 5696 172.x.x.2 not-responding Cluster-01 5696 172.x.x.4 available Cluster-02 5696 172.x.x.2 not-responding Cluster-02 5696 172.x.x.4 available 4 entries were displayed. Mon Dec 21 18:49:34 -0500 [Cluster-01: mgwd: km.keyserver.notavailable:alert]: The external key management server "172.x.x.2" is not available for Vserver "Cluster", status: "not-responding".
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_validate_certificates_for_an_External_Key_Manager
      When configuring an External Key Management solution in ONTAP, there are a few pieces of information that are needed in-order to ensure a secure connection between ONTAP (Client) and the EKM Device (S...When configuring an External Key Management solution in ONTAP, there are a few pieces of information that are needed in-order to ensure a secure connection between ONTAP (Client) and the EKM Device (Server) The following will need to be installed into ONTAP before a secure connection can be established: Client certificate AND the unencrypted private key associated with the client certificate All Intermediate and Root CA certificates that signed the EKM Server certificate.
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Replacing_External_Key_Manager_SSL_certificates_fails_with_an_error
      Applies to ONTAP 9 External Key Manager Security Certificate Issue Replacing External Key Manager SSL certificates fails with an error: Error: command failed: The new client certificate public or priv...Applies to ONTAP 9 External Key Manager Security Certificate Issue Replacing External Key Manager SSL certificates fails with an error: Error: command failed: The new client certificate public or private keys are different from the existing client certificate.
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/External_key_servers_unavailable_on_boot_when_using_ifgrps_with_more_than_one_digit_in_names_as_KMIP_interfaces
      kmip2_client: Importing keys from external key servers.[Mar 23 15:19:10]: 0x808604200: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:120: Error: distro/kmip_ssl.c: 4290: error: 10: msg: ...kmip2_client: Importing keys from external key servers.[Mar 23 15:19:10]: 0x808604200: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:120: Error: distro/kmip_ssl.c: 4290: error: 10: msg: kmip_ssl_conn_do_handshake [Mar 23 15:19:10]: 0x808604200: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:120: Error: distro/kmip_io.c: 243: error: 10: msg: KMIP_xmit:KMIP_send
    • https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_certificates_for_HyTrust_External_Key_Manager_when_keys_are_present
      Applies to HyTrust External Key Management (EKM) ONTAP 9 Description This article covers the steps needed to renew client certificates when using HyTrust EKM, when keys are present on the external ser...Applies to HyTrust External Key Management (EKM) ONTAP 9 Description This article covers the steps needed to renew client certificates when using HyTrust EKM, when keys are present on the external server. This article is ONLY supported for the HyTrust external key manager.