E-series configured multiple KMS but the key will only be installed on first server
Applies to
SANtricity OS 11.70
Issue
- Customer configured E2824 (running SANtricity OS 11.70.2) to use 2 standalone instance of IBMGuardium Key Lifecycle Manager for external KMS, and the 2 standalone instances of KMS are using individualself-signed server certificate.
- Whenimport KMS certificate to the storage, can only import 1 client certificate and 1 server certificate. A second attempt will overwrite the first server certificate with the second server certificate, not able to load 2 KMS certificates.
- When change the security key, the key is updated on the first KMS but not the second KMS.