KMS Configuration Syntax

The KMS Configuration is used for Prognosis Key Management Systems that use External Key Management Servers, such as CryptSoft, which utilize the KMIP protocol.

SUBSYS KMS

SERVER (<IP|FQDN>[:<KMSPort>])
CLIENT-CERT (<ClientCertificate>)
CLIENT-KEY (<ClientKey>)
CA-CERT (<CACertificate>)
DEPLOYMENT-ID (<DeploymentID>)

Syntax Elements

SERVER (<IP|FQDN>[:<KMSPort>])

Specify the external Key Management System server.

<IP> The IP address of the KMS server. Provide either the KMS server IP or FQDN.
<FQDN> The Fully Qualified Domain Name of the KMS server. Provide either the KMS server IP or FQDN.
<KMSPort> The port number used for the KMIP protocol. If not specified, the default port for the KMIP protocol, 5696, is used.

CLIENT-CERT (<ClientCertificate>)

Specify the location of the client certificate to allow safe communication with the KMS Server.

<ClientCertificate> The file path of the client certificate installed locally on the Monitoring Server.

CLIENT-KEY (<ClientKey>)

Specify the location of the client private key associated with the client certificate.

<ClientKey> The file path of the private client key installed locally on the Monitoring Server.

CA-CERT (<CACertificate>)

Specify the location of the trusted Certificate Authority (CA) certificate.

<CACertificate> The file path of a trusted Certificate Authority root certificate to verify client certificates that a CA has issued and signed.

DEPLOYMENT-ID (<DeploymentID>)

Specify a unique Deployment Identification for use on this Monitoring Server.

<DeploymentID>

This can be any unique name. It is recommended to use a prefix that represents the organization in all Deployment Identifications. The KMS deployment is a group of Monitoring Servers that use one KMS Configuration. The Deployment Identification ensures that key names are distinct from those of other deployments when more than one deployment uses the same KMS server.
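
A pre-deployment check for a SUBSYS KMS block, added here as an example; it is not part of Prognosis. It parses the statements described above, applies the default KMIP port 5696, and reports missing statements, missing files and a CLIENT-KEY file that is accessible beyond its owner. Assumptions: the function names, the sample values, treating all five statements as expected, IPv4 or FQDN hosts, and POSIX file permissions.

```python
import os
import re

DEFAULT_KMIP_PORT = 5696  # default given in the SERVER syntax
# Assumption: all five statements are expected; the page does not mark any as optional.
EXPECTED = ("SERVER", "CLIENT-CERT", "CLIENT-KEY", "CA-CERT", "DEPLOYMENT-ID")
STATEMENT = re.compile(r"^\s*([A-Z][A-Z-]*)\s*\((.*)\)\s*$")
SAMPLE = """SUBSYS KMS
SERVER (kms.example.com)
CLIENT-CERT (/opt/example/kms/client.pem)
CLIENT-KEY (/opt/example/kms/client.key)
CA-CERT (/opt/example/kms/ca.pem)
DEPLOYMENT-ID (EXAMPLECORP-PROD)
"""  # constructed sample: host, paths and ID are placeholders

def parse_kms_config(text):
    """Return {keyword: value} for the statements that follow SUBSYS KMS."""
    settings, in_kms = {}, False
    for line in text.splitlines():
        words, match = line.split(), STATEMENT.match(line)
        if words[:1] == ["SUBSYS"]:
            in_kms = words[1:2] == ["KMS"]
        elif in_kms and match:
            settings[match.group(1)] = match.group(2).strip()
    return settings

def split_server(value):
    """Split <IP|FQDN>[:<KMSPort>] into (host, port); IPv4 or FQDN hosts only."""
    host, sep, port = value.rpartition(":")
    if sep and not (host and port.isdecimal() and 0 < int(port) < 65536):
        raise ValueError("invalid SERVER value: %r" % value)
    return (host, int(port)) if sep else (value, DEFAULT_KMIP_PORT)

def check_kms_config(text, check_files=True):
    """Return a list of findings (empty = pass). The CLIENT-KEY mode check assumes POSIX."""
    cfg = parse_kms_config(text)
    findings = ["missing %s" % key for key in EXPECTED if not cfg.get(key)]
    if cfg.get("SERVER"):
        try:
            split_server(cfg["SERVER"])
        except ValueError as exc:
            findings.append(str(exc))
    for key in ("CLIENT-CERT", "CLIENT-KEY", "CA-CERT") if check_files else ():
        path = cfg.get(key)
        if path and not os.path.isfile(path):
            findings.append("%s file not found: %s" % (key, path))
        elif path and key == "CLIENT-KEY" and os.stat(path).st_mode & 0o077:
            findings.append("CLIENT-KEY accessible to group or others: %s" % path)
    return findings
```

Call check_kms_config() with the configuration text on the Monitoring Server that holds the certificate files; pass check_files=False to lint only the syntax.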

Further details on configuring KMS can be found in Configuration for Key Management Service.



