The next step is to create a dedicated key server instance for the exchange of keys between the KeySecure appliance and the connector client. Adding a new key server instance specifically for communication between the KeySecure server and the Centrify connector is not strictly required. However, this is the recommended approach to isolate the communication channel.
To create a new key server instance:
- Click the Devices tab to display the Cryptographic Key Server Configuration.
- Click Add to create a new key management server instance.
The options to add, edit, and delete key server instances are restricted. If you don’t see these options, you need to log on using different administrative account credentials.
- Select KMIP as the server protocol, type the port number, and select Use SSL, then select the KeySecure server certificate from the list of available certificates.
- Click the Security tab, then under Device CAs and SSL Certificates, click Local CA.
- Select the local CA certificate, then click Download.
The certificate you download in this step is the certificate you need to upload to the Privileged Access Service to enable secure communication between the KeySecure appliance and the connector.
- Rename the downloaded file to use the .cer file extension.
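Before uploading the file, it is worth confirming that it really is an unexpired CA certificate and that it is the CA that issued the certificate the KMIP listener presents. The following script is an added example, not part of the vendor procedure; it assumes OpenSSL is installed on the workstation, and the file names, `KEYSECURE_HOST` and `KMIP_PORT` are placeholders. Renaming the file to .cer does not change its encoding, so the helper accepts PEM or DER.

```bash
#!/usr/bin/env bash
# Added example (not vendor code). File names, host and port are placeholders.

# to_pem FILE: print the certificate as PEM whether FILE is PEM or DER encoded.
to_pem() {
    openssl x509 -in "$1" -inform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER 2>/dev/null
}

# check_ca_cert FILE: succeed only if FILE is an unexpired CA certificate, and
# print subject, expiry and SHA-256 fingerprint so they can be recorded or
# compared out of band.
# Return codes: 2 = not a certificate, 3 = not a CA, 4 = expired.
check_ca_cert() {
    local pem
    pem=$(to_pem "$1") || { echo "not an X.509 certificate: $1" >&2; return 2; }
    # basicConstraints must carry CA:TRUE for a certificate used as a trust anchor
    if ! printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE'; then
        echo "basicConstraints does not mark this as a CA: $1" >&2; return 3
    fi
    # -checkend 0 fails when the certificate has already expired
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $1" >&2; return 4
    fi
    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate -fingerprint -sha256
}

# check_issued_by CA_FILE SERVER_CERT_FILE: succeed only if the server
# certificate validates against the CA certificate.
check_issued_by() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    to_pem "$1" > "$dir/ca.pem" && to_pem "$2" > "$dir/server.pem" &&
        openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null 2>&1 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Typical use once the key server instance is listening:
#   check_ca_cert localca.cer
#   openssl s_client -connect KEYSECURE_HOST:KMIP_PORT </dev/null 2>/dev/null |
#       openssl x509 > kmip-server.pem
#   check_issued_by localca.cer kmip-server.pem && echo "chain OK"
```

A failure from `check_issued_by` means the key server instance is using a certificate signed by a different CA than the one downloaded, and the connector would not trust the channel with that upload.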