Permission Denied when retrieving keys due to SKLM certificate change
Applies to
- ONTAP 9
- NetApp Volume Encryption (NVE)
- IBM Security Key Lifecycle Manager (SKLM)
Issue
- NVE volumes encrypted using SKLM key server
- SKLM host certificate was renewed
- After a controller reboot, keys can not be pulled to ONTAP cache
- Key servers show "
Available
" status when runningkey-manager external show-status
Warning: Unable to list entries on node <node>. KMIP "Get" command failed
on external key server "IP_addess:5696". Cryptsoft error: "Response
status: OPERATION_FAILED. Reason: PERMISSION_DENIED. Message:
xxxxxxxx The KMIP user is not authorized to access the target
object.".