1.

Export x.x.x.x_CA.pem from Safenet CA

2.
Generate the private key (client_private.key)
3.
Generate a certificate signing request (.CSR) file from the private key
(client.csr)
4.
Remove the passphrase from the private key
5.
Sign the SSL client.csr certificate
6.
Create the client_private.pem chain file by concatenating client.pem wi
th client_private.key
7.
Import the Client device Certificate into Safenet (client.pem)
8.
Verify PEM files with the OPENSSL test
9.
Import the x.x.x.x_CA.pem into the Netapp with the security certificate
install -type server-ca -subtype kmip-cert -kmip-server-ip <x.x.x.x> -vserver <
cluster_vserver> - then hit enter twice so we see the message You should keep a c
opy of the private key and the CA-signed digital certificate for future referenc
e. which will return to the cluster shell.
10. Import the client_private.pem into the Netapp with the command security ce
rtificate install -type client -subtype kmip-cert -vserver <cluster_vserver>
11. Run the security key-manager setup command to configure initial KMIP setting
s
12.
Then security key-manager add -address x.x.x.x to add the KMIP server
13.
security key-manager create-key (Does not rekey disks)
14. security key-manager query
15. storage encryption disk modify -data-key-id