With the KMIP-KeyManagement-Plugin, you can use any key management server that supports the Key Management Interoperability Protocol (KMIP). When selecting this plugin, configure the following settings.

KMIP Server URL  

The URL of the KMIP server.

https://<host>:<port>/kmip

Where:

  • <host> is the hostname or IP address of the KMIP server.
  • <port> is the port of the KMIP server.

For example:

https://172.30.141.241:5696/kmip

Client Credential file format    

The file format for importing the client credentials. When selecting PKCS#12, configure the following additional parameters.

| Parameter | Value |
|---|---|
| Client PKCS#12 | A PKCS#12 file containing the key pair, certificate, and certification chain of the client. |
| PKCS 12 and Key Password | The password of the PKCS#12 file and the private key of the client. |

When selecting PEM, configure the following additional parameters. 

The parameters below do not support encrypted PEM keys.

| Parameter | Value |
|---|---|
| Client Key & Certificate | A file in PEM format containing the private key and certificate of the client. |
| CA Certificate Chain | A file in PEM format containing the certification chain of the client certificate. |
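
Because encrypted PEM keys are not supported, it helps to check the two PEM files before uploading them. The following is an added example, not part of the plugin or its documentation; the function names are hypothetical, the sample inputs are constructed, and the "exactly one private key" rule is an assumption drawn from the parameter description.

```python
import re
import sys

# PEM armor: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return (label, body) for every PEM block found in text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]

def check_client_pem(text):
    """List problems in a 'Client Key & Certificate' PEM file."""
    problems = []
    blocks = pem_blocks(text)
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    if len(keys) != 1:  # assumption: exactly one client key per file
        problems.append(f"expected 1 private key, found {len(keys)}")
    for label, body in keys:
        # PKCS#8 encrypted keys have their own label; traditional OpenSSL
        # encrypted keys keep the label and add a Proc-Type header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted")
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no client certificate found")
    return problems

def check_chain_pem(text):
    """List problems in a 'CA Certificate Chain' PEM file."""
    labels = [label for label, _ in pem_blocks(text)]
    problems = [f"unexpected {l} block" for l in labels if l != "CERTIFICATE"]
    if "CERTIFICATE" not in labels:
        problems.append("no certificates found")
    return problems

def make_pem(label, headers=""):
    """Build a constructed PEM block; the body is a placeholder, not a real key."""
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

# Constructed sample inputs (armor only, no real key material).
GOOD = make_pem("PRIVATE KEY") + make_pem("CERTIFICATE")
ENC_PKCS8 = make_pem("ENCRYPTED PRIVATE KEY") + make_pem("CERTIFICATE")
LEGACY_HEADERS = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
ENC_LEGACY = make_pem("RSA PRIVATE KEY", LEGACY_HEADERS) + make_pem("CERTIFICATE")

if __name__ == "__main__":
    for name in sys.argv[1:]:  # usage: python check_pem.py client.pem
        with open(name, encoding="utf-8") as fh:
            print(name, check_client_pem(fh.read()) or "OK")
```

The check only inspects the PEM armor and headers, so it never needs the key password and does not parse the key material itself.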

Key Algorithm    

The algorithm for generating the keys. Currently, only RSA is supported (default option).

Key Size    

The bit size of the generated keys. Currently, only 2048 is supported (default option).

Digital Signature Algorithm    

The algorithm for signing the certificate requests:

  • SHA256 (default option) 
  • SHA512

Start Date    

The starting date for the background job that synchronizes the certificate states in Certificate Hub with the certificate states in the KMIP server.

Enable hostname verification    

Select this checkbox to validate the KMIP server certificate on each connection.

KMIP Version    

The version used by the KMIP server. The dropdown menu only lists supported versions.