The CSR needs to be signed by the local CA.
-
View the
KMIP_client.csrfile created above using the cat command (cat kmip_client.csr) or open it using any text editor. -
Select the entire text and copy it to the clipboard.
Be sure to include the first and last lines (-----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST--–––)”.
-
Log in to the Management Console and navigate to Security > Certificates & CAs > Local CAs.
-
Select the CA used by your ESKM (in this case, ESKMLocalCA), and click Sign Request. The Sign Request window is displayed.
Sign Certificate Request
-
For Certificate Purpose, select Client.
-
Paste the CSR text that you have copied to your clipboard (Step 2 above) into the Certificate Request window.
-
Click Sign Request. The signed client certificate is displayed.
Certificate Information
-
Copy the signed client certificate data to the clipboard.