Drive security key creation failed

The storage array was unable to create a security key as the storage array's client certificate does not match any of the existing users on the key management server.

Recovery Steps

  1. The problem can be resolved by regenerating the storage array's client certificate to match an existing user on the key management server or by adding a new user to the key management server that matches the storage array's client certificate.

    • If you want to regenerate the storage array's client certificate to match an existing user on the key management server, go to step 2.

    • If you want to add a new user to the key management server that matches the storage array's client certificate, go to step 6.

  2. Determine what user you wish to use from your key management server and what field in the client certificate is linked to the user attribute.

  3. Complete and download a client certificate signing request (CSR), making sure to input the desired user value in the associated field of the CSR form.

    1. Go to Settings > Certificates. Then select the Key Management tab.

    2. Select Complete CSR to complete and download a client certificate signing request, making sure to input the desired user value in the associated field of the CSR form.

  4. Create and download a client certificate from the key management server using the downloaded csr file.

  5. Ensure the new client certificate and the server certificate for the key management server is available on your local host. Then, go to step 8.

  6. Determine what field in the client certificate is linked to the user attribute on your key management server and create a new user that matches the value of the associated field in the storage array's client certificate on your key management server.

  7. Ensure the client certificate and a copy of the key management server's server certificate is available on your local host.

  8. Create a new external security key.

    1. Go to Settings > System.

    2. Select the Create External Key link in the Security key management section and create an external security key.

  9. Select Recheck to ensure the problem has been resolved.