Search
- Filter results by:
- View attachments
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_rotate_data_authentication_keys_on_a_FIPS_drive_or_SEDOnboard Key Manager (OKM) At times, it may be desirable to rotate data authentication keys on a FIPS drive or SED. The process of rotating keys in an NSE environment depends on whether you are using a...Onboard Key Manager (OKM) At times, it may be desirable to rotate data authentication keys on a FIPS drive or SED. The process of rotating keys in an NSE environment depends on whether you are using an External Key Manager (using KMIP) or the OKM. External Key Managers require generating a new authentication key (AK) before assigning new authentication keys to the drives. OKM does not support generating new authentication keys without deleting and recreating the OKM configuration on the cluster.
- https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/External_key_management_server_is_not_available_for_vserverApplies to HashiCorp Vault External key management Issue HashiCorp External key management became unavailable during a certificate replacement. km.keyserver.notavailable: The external key management s...Applies to HashiCorp Vault External key management Issue HashiCorp External key management became unavailable during a certificate replacement. km.keyserver.notavailable: The external key management server is not available for Vserver "vserver", status: "unknown"
- https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/Gemalto_SafeNet_KeySecure_k250_appliance_not-respondingNode Port Registered Key Manager Status ---------------------- ------ --------------------------- --------------- Cluster-01 5696 172.x.x.2 not-responding Cluster-01 5696 172.x.x.4 available Cluster-0...Node Port Registered Key Manager Status ---------------------- ------ --------------------------- --------------- Cluster-01 5696 172.x.x.2 not-responding Cluster-01 5696 172.x.x.4 available Cluster-02 5696 172.x.x.2 not-responding Cluster-02 5696 172.x.x.4 available 4 entries were displayed. Mon Dec 21 18:49:34 -0500 [Cluster-01: mgwd: km.keyserver.notavailable:alert]: The external key management server "172.x.x.2" is not available for Vserver "Cluster", status: "not-responding".
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_validate_certificates_for_an_External_Key_ManagerWhen configuring an External Key Management solution in ONTAP, there are a few pieces of information that are needed in-order to ensure a secure connection between ONTAP (Client) and the EKM Device (S...When configuring an External Key Management solution in ONTAP, there are a few pieces of information that are needed in-order to ensure a secure connection between ONTAP (Client) and the EKM Device (Server) The following will need to be installed into ONTAP before a secure connection can be established: Client certificate AND the unencrypted private key associated with the client certificate All Intermediate and Root CA certificates that signed the EKM Server certificate.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Replacing_External_Key_Manager_SSL_certificates_fails_with_an_errorApplies to ONTAP 9 External Key Manager Security Certificate Issue Replacing External Key Manager SSL certificates fails with an error: Error: command failed: The new client certificate public or priv...Applies to ONTAP 9 External Key Manager Security Certificate Issue Replacing External Key Manager SSL certificates fails with an error: Error: command failed: The new client certificate public or private keys are different from the existing client certificate.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/External_key_servers_unavailable_on_boot_when_using_ifgrps_with_more_than_one_digit_in_names_as_KMIP_interfaceskmip2_client: Importing keys from external key servers.[Mar 23 15:19:10]: 0x808604200: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:120: Error: distro/kmip_ssl.c: 4290: error: 10: msg: ...kmip2_client: Importing keys from external key servers.[Mar 23 15:19:10]: 0x808604200: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:120: Error: distro/kmip_ssl.c: 4290: error: 10: msg: kmip_ssl_conn_do_handshake [Mar 23 15:19:10]: 0x808604200: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:120: Error: distro/kmip_io.c: 243: error: 10: msg: KMIP_xmit:KMIP_send
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_certificates_for_HyTrust_External_Key_Manager_when_keys_are_presentApplies to HyTrust External Key Management (EKM) ONTAP 9 Description This article covers the steps needed to renew client certificates when using HyTrust EKM, when keys are present on the external ser...Applies to HyTrust External Key Management (EKM) ONTAP 9 Description This article covers the steps needed to renew client certificates when using HyTrust EKM, when keys are present on the external server. This article is ONLY supported for the HyTrust external key manager.