User-Supplied TLS Certificate Requirements
If you create your own TLS certificates to import onto the library for use with Scalar Key Manager (SKM), you must observe all of the following requirements. If any requirement below is not met, none of the certificates will be imported.
- The Root Certificate (also called the CA certificate, or Certificate Authority Certificate) needs to be 2048 bits.
- The Root Certificate must be in PEM format.
- Admin and Client certificates must be in pkcs12 format, with a separate certificate and private key contained in each.
- Admin and Client certificates must be 1024 bits.
- Admin and Client certificates must be signed by the Root Certificate.
- The Admin certificate must have its Organizational Unit name set as "akm_admin" in its Subject Info.
- The Organization in the Subject Info for all certificates must match the value specified in the setup script on the SKM server.
- The same Root Certificate must be installed on the SKM servers and the library.
- All the certificates must be within their validity period, according to the library's date and time settings.
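Because a single failed requirement blocks the whole import, it helps to check the certificate set before importing it. The script below is an added example, not part of the SKM or library software; it assumes the `openssl` command-line tool, and the function name `skm_check_certs` and the `P12_PASS` environment variable (the PKCS#12 password) are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: pre-import check of a certificate set against the list above.
# Assumes the openssl CLI; the PKCS#12 password is read from $P12_PASS.
# Usage: skm_check_certs ROOT_PEM ADMIN_P12 CLIENT_P12 ORGANIZATION
skm_check_certs() {
    root=$1 admin=$2 client=$3 org=$4 fail=0
    tmp=$(mktemp -d) || return 2
    crt="$tmp/leaf.pem"
    bad() { echo "FAIL: $*" >&2; fail=1; }
    # Key size, from the "Public-Key: (N bit)" line of the certificate dump.
    bits() { openssl x509 -in "$1" -noout -text 2>/dev/null |
             sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'; }
    # Value of one Subject field, e.g. organizationName.
    field() { openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
              sed -n "s/^ *$2 *= //p"; }

    grep -q -- '-----BEGIN CERTIFICATE-----' "$root" 2>/dev/null ||
        bad "root certificate is not PEM"
    [ "$(bits "$root")" = 2048 ] || bad "root certificate is not 2048 bits"
    [ "$(field "$root" organizationName)" = "$org" ] ||
        bad "root Organization is not '$org'"

    for p12 in "$admin" "$client"; do
        # Each bundle must contain both a certificate and a private key.
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
            -out "$crt" 2>/dev/null || { bad "$p12: unreadable PKCS#12"; continue; }
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
            grep -q 'PRIVATE KEY' || bad "$p12: no private key"
        [ "$(bits "$crt")" = 1024 ] || bad "$p12: certificate is not 1024 bits"
        [ "$(field "$crt" organizationName)" = "$org" ] ||
            bad "$p12: Organization is not '$org'"
        if [ "$p12" = "$admin" ] &&
           [ "$(field "$crt" organizationalUnitName)" != akm_admin ]; then
            bad "$p12: Organizational Unit is not akm_admin"
        fi
        # Checks the root's signature and the validity periods, but against
        # this host's clock; the library's own date and time are what count.
        openssl verify -CAfile "$root" "$crt" >/dev/null 2>&1 ||
            bad "$p12: not signed by root, or outside validity period"
    done
    rm -rf "$tmp"
    return "$fail"
}

# Run the check when the script is called with its four arguments.
if [ "$#" -ge 4 ]; then skm_check_certs "$@"; fi
```

The script cannot confirm that the same Root Certificate is installed on the SKM servers, or that the Organization matches the value in the SKM setup script; pass that value as the fourth argument.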