Importing TLS Certificates

Transport Layer Security (TLS) certificates are unique certificates that must be installed on the library in order for the library to communicate with Scalar Key Manager (SKM) servers. If you purchased your library with firmware version 570G or higher, the library came with TLS certificates pre-installed. You can check the web client to see if certificates are installed (Tools > EKM Management > Import Communication Certificates). If TLS certificates are not installed, you must install them following the procedures below. You may install:

At any time, you may install a new set of TLS certificates to overwrite the existing set. The new TLS certificates must all be valid or the overwrite will not occur and the existing certificates will remain in place.

Installing Quantum-Supplied TLS Certificates

The Quantum-supplied certificates come on a CD which you received. The TLS certificates are bundled in a single file.

  1. Ensure that the date on both SKM servers and the library is set to the current date. Incorrect date settings may interfere with the TLS certificates and cause the library to stop communicating with the SKM servers.
  2. Insert the CD into the CD ROM drive of your computer. Either copy the file to a known location on your computer or use the CD as the location from which you will retrieve the file.
  3. From the Tools menu, select EKM Management > Import Communication Certificates.

    The Tools - EKM Communication Certificate Import screen opens. At the top of the page, the primary and secondary key server status is displayed. If the status is "Not Available," it means there is no communication with the server. The most likely causes are that the server is down, not connected, or not configured correctly on the library; or that no TLS certificates are installed or the TLS certificates are invalid or expired. At the bottom of the page, a message indicates whether TLS certificates are currently installed. If certificates are installed, a table displays below the message containing information about the installed certificates.
  4. Select the Use the Quantum Certificate Bundle check box.
  5. Click the Browse button next to the Quantum Communication Certificate Bundle File field to locate the TLS certificate file.
  6. Click Open.
  7. Click Apply.

    The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:

  8. Verify that the TLS certificates are now installed in the library. At the bottom of the page is a statement letting you know whether the certificates are currently installed. In addition, the three rows of the table at the bottom of the screen should be filled in with the correct information.

Installing Your Own TLS Certificates

You need to provide a Root Certificate file, an Admin Certificate file, and a Client Certificate file. These files must be in the proper format. See User-Supplied TLS Certificate Requirements for the list of requirements.

NOTE: You must be running SKM 1.1 or higher on your SKM servers in order to install your own TLS certificates.

  1. Ensure that the date on both SKM servers and the library is set to the current date. Incorrect date settings may interfere with the TLS certificates and cause the library to stop communicating with the SKM servers.
  2. Place the TLS certificate files in a known location on your computer.
  3. From the Tools menu, select EKM Management > Import Communication Certificates.

    The Tools - EKM Communication Certificate Import screen opens. At the top of the page, the primary and secondary key server status is displayed. If the status is "Not Available," it means there is no communication with the server. The most likely causes are that the server is down, not connected, or not configured correctly on the library; or that no TLS certificates are installed or the TLS certificates are invalid or expired. At the bottom of the page, a message indicates whether TLS certificates are currently installed. If certificates are installed, a table displays below the message containing information about the installed certificates.
  4. Make sure the Use the Quantum Certificate Bundle check box is deselected.
  5. Click the Browse button next to the Root Certificate File. Locate the file and click Open.
  6. Click the Browse button next to the Admin Certificate File. Locate the file and click Open.
  7. Enter an Admin Certificate Password. This is the password you created when you created the Admin Certificate file. The password allows the library to read the file.
  8. Click the Browse button next to the Client Certificate File. Locate the file and click Open.
  9. Enter a Client Certificate Password. This is the password you created when you created the Client Certificate file. The password allows the library to read the file. If you want to use the same password as the Admin Certificate password, then just select the Use Admin's Password check box.
  10. Click Apply to import the files onto the library.

    The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:

  11. Verify that the TLS certificates are now installed in the library. At the bottom of the page is a statement letting you know whether the certificates are currently installed. In addition, the three rows of the table at the bottom of the screen should be filled in with the correct information.
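
A pre-import check for the user-supplied certificate set, as an added example that is not part of Quantum's documentation: it confirms that each file is inside its validity window and that the Admin and Client certificates chain to the Root certificate, since a single invalid certificate prevents the overwrite. It assumes PEM-encoded copies of the three certificates and the `openssl` command-line tool; the file names, function names and the 30-day margin are illustrative, and the format the library itself requires is listed in User-Supplied TLS Certificate Requirements.

```shell
#!/bin/sh
# Pre-import check for a user-supplied TLS certificate set (added example).
# Assumption: root, admin and client certificates are available as PEM files.

# cert_ok FILE ROOT [MIN_DAYS]
# Succeeds if FILE stays valid for at least MIN_DAYS more days and chains to ROOT.
cert_ok() {
    file=$1; root=$2; days=${3:-30}
    # -checkend fails if the certificate expires within the given seconds.
    openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null || return 1
    # verify rejects expired, not-yet-valid and wrongly signed certificates.
    openssl verify -CAfile "$root" "$file" >/dev/null 2>&1 || return 1
}

# precheck_set ROOT ADMIN CLIENT [MIN_DAYS]
# All three files must pass, mirroring the all-or-nothing overwrite rule.
precheck_set() {
    rc=0
    for f in "$1" "$2" "$3"; do
        if cert_ok "$f" "$1" "${4:-30}"; then
            echo "OK   $f"
        else
            echo "FAIL $f"; rc=1
        fi
    done
    return $rc
}

# make_sample_set DIR
# Writes constructed throwaway certificates (root, admin, client) for a dry run.
make_sample_set() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Sample Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in admin client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
            -CAcreateserial -days 365 -out "$d/$n.pem" 2>/dev/null
    done
}

# Usage: sh precheck.sh root.pem admin.pem client.pem [min_days]
if [ "$#" -ge 3 ]; then precheck_set "$@"; fi
```

Run it on a workstation whose clock is correct, because the validity checks compare against the local date.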
