Configure the Legacy Key Management Server settings
Configure these settings in an upgrade scenario where you have upgraded application servers to 15.2 (or higher) but still have v11.1 servers operating in your environment. With these settings in place, the v11.1 servers continue to operate with the legacy RSA KMS server until they are also migrated to the higher release. This lets you avoid upgrading the RSA KMS server used by the v11.1 servers.
Procedure
- Go to System Management. Under Enterprise, select Settings.
- In the Installations tree (left pane), select the Enterprise node.
- Click Security.
- In the Legacy Encryption Management section, complete these fields:
  - Primary Key Management Server - Type the host name or fully qualified domain name (FQDN) of the primary server that hosts the key management system used by the v11.1 servers in your environment. If a Port field is present, specify the port on which this server listens for connections.
  - Secondary Key Management Server - Type the host name or fully qualified domain name (FQDN) of the secondary (or backup) server that hosts the key management system used by the v11.1 servers in your environment. In the Port field, specify the port on which this server listens for connections.
  - Client Certificate File Password - Type the export password of the client certificate used to create an identity/application in the RSA KMS used by the v11.1 servers in your environment.
- In the Data-At-Rest Encryption settings, if Thales is selected as the KMS Server Type under Encryption Management and Enable Data-At-Rest Encryption is selected, specify the Legacy Encryption Key Class for the RSA Key Management Server (KMS) used by the v11.1 servers.
- Click Save and Apply to Children.
- Check the System Monitoring, System Monitor, Alarm Dashboard screen for new alarms that indicate it is necessary to restart services. If these alarms appear, restart the services indicated by the alarms.
Alarms indicating it is necessary to restart services sometimes do not appear in the Alarm Dashboard until several minutes after you save the Enterprise Settings changes.
Security settings screen reference
Security configuration procedures
Key Manager Server Installation and Configuration Guide.