If you want to use a SafeNet KeySecure appliance to store account passwords, you first must configure secure communication between the appliance and the Centrify Connector. Because this is a global setting, it is configured in the Admin Portal for the Privileged Access Service and requires you to have an account in the System Administrator role.
To configure communication with SafeNet KeySecure:
- Select Switch to Admin Portal from the account name menu.
- Click the Settings tab.
- Select Resources from the list of setting categories, then select SafeNet KeySecure Configuration.
- Type the IP address or the fully-qualified domain name of the key management appliance and specify the port number you configured for the key server instance.
  If you have SafeNet KeySecure running on a cluster, you can specify multiple IP addresses separated by colons (:). For example, if configuring communication for a cluster, you would specify a list of IP addresses using a format similar to this:
  This example specifies the IP addresses for appliances in a single tier. For more information about working with KeySecure appliances in clusters and specifying multiple tiers, see Working with appliances in a cluster.
- Click Upload to navigate to the SafeNet KeySecure Root CA certificate that you downloaded from the KeySecure appliance.
- Select the client certificate-issuing authority.
  If you select the Centrify-issued certificate, click Download to download the Centrify CA certificate that will make the Centrify‑issued certificate trusted by the SafeNet KeySecure appliance. After downloading the certificate, you can use the SafeNet KeySecure management console to install the certificate on the appliance. For more information about installing the Centrify-issued certificate, see Install the client certificate.
  If you select Customer-issued certificate to use the client certificate you created in the KeySecure management console or using another tool, click Upload. You can then navigate to and select the client certificate that you want to use for the Centrify Connector.
  Uploading a client certificate you created will prompt you for a password. If the client certificate requires a password to authenticate, type the password then click Continue. If no password is required, simply click Continue without specifying a password.
- Click Save to save the configuration settings.
After you have saved the configuration—including uploading or downloading and installing the client certificate—you can verify communication between the Privileged Access Service and the SafeNet KeySecure appliance. However, the option to test the connection is only available after you complete the configuration.
For complete information about installing and configuring a SafeNet KeySecure key management appliance, see the KeySecure Installation and Configuration Guide.
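A pre-flight check for the address and port values entered in the procedure above, as an added example that is not part of the original documentation or of the product. The function name, the sample addresses (documentation ranges) and the port are constructed; handling only a single tier, and rejecting IPv6 or host names inside a colon-separated list, are assumptions drawn from the page's wording that cluster entries are IP addresses separated by colons.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _is_fqdn(name):
    """True for a dotted host name with valid labels and a non-numeric last label."""
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or len(labels) < 2:
        return False
    return all(_LABEL.fullmatch(l) for l in labels) and not labels[-1].isdigit()


def check_appliance_setting(address_field, port):
    """Validate the address field and port; return the list of appliance hosts.

    Accepts one IPv4 address, one FQDN, or a colon-separated list of IPv4
    addresses for a single-tier cluster (assumption: multi-tier syntax is
    out of scope). Raises ValueError with the reason otherwise.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} is outside 1-65535")
    entries = address_field.strip().split(":")
    # A leading, trailing or doubled colon (including IPv6 '::') leaves an empty entry.
    if any(e == "" for e in entries):
        raise ValueError("empty entry in the colon-separated list")
    if len(entries) == 1 and _is_fqdn(entries[0]):
        return entries
    hosts = []
    for entry in entries:
        try:
            ip = str(ipaddress.IPv4Address(entry))
        except ipaddress.AddressValueError:
            raise ValueError(f"{entry!r} is not an IPv4 address") from None
        if ip in hosts:
            raise ValueError(f"{entry!r} is listed twice")
        hosts.append(ip)
    return hosts


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(check_appliance_setting("192.0.2.10:192.0.2.11:192.0.2.12", 9000))
```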