Breadcrumbs

Use the Local CA to Sign CSR

The CSR now needs to be signed by the local CA.

  1. Using a text editor (or using the more <filename> command), open the KMIP_client.csr file.

  2. Select the entire text and copy to your clipboard.

  3. Now, login to the Management Console and navigate to Security > Certificates & CAs > Local Cas

Be sure to include the first and last lines (-----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST--–––).

  1. Select the CA used by your ESKM (in this case, LocalCA), and click Sign Request. The Sign Request window appears.


tmp1zqzn6_w.jpg

Sign Certificate Request window

  1. For Certificate Purpose, select Client.

  2. Paste the CSR text that you have copied to your clipboard (Step 2 above) into the Certificate Request window.

  3. Click Sign Request. The signed client certificate now appears.

tmp_m5yb7we.jpg

Certificate Information window

  1. After signing the certificate request with a local CA, click on Download to download the file.

  2. Save as the correct name; in this case, /var/lib/mysql/mysql-keyringokv/ssl/cert.pem

For Windows, execute the steps 1 to 8 from Use the local CA to sign CSR section and then follow step 10.

  1. Save as the correct name; in this case, C:\Program Files\MySQL\MySQL Server 8.0\mysql-keyring-okv\ssl - > cert.pem