KeySafe 5 Administration
This section is applicable to the KeySafe 5 Appliance Management component of the system.
Use a web browser to navigate to the KeySafe 5 Appliance Management UI at https://<node-ip-address>/appliance and log in using an account with Security Admin privileges.
KeySafe 5 Settings
To view the current KeySafe 5 settings, which indicate the MongoDB database mode and provide a means of downloading the KeySafe 5 Agent install media:
- In the top menu bar, click Settings.
- In the Application Settings section, click KeySafe5 Settings.
MongoDB Database
KeySafe 5 stores its data in MongoDB databases. These can either be internal to the cluster, or KeySafe 5 can be configured to point to an external MongoDB server.
Internal Database
If KeySafe 5 is configured to use an internal MongoDB server, this is indicated by the following KeySafe 5 setting:
MongoDB Database Mode: Internal
The internal MongoDB database can be used with other Entrust products, such as the nShield Web Services product. This requires a set of TLS certificates and a private key for the secure connection with the internal MongoDB server. These certificates can be obtained by following the steps below.
Before You Begin
- A Certificate Signing Request (CSR) must be generated before following these steps. For more information on generating a CSR, see MongoDB CSR Generation.
Procedure
- Log into the KeySafe 5 Appliance Management UI using an account with Security Admin privileges.
- In the top menu bar, click Settings.
- In the Application Settings section, click KeySafe5 Settings.
- Click MongoDB Client Certificates.
- In the Upload CSR File section, click Load File and select the CSR file you wish to use for certificate generation.
- Click Generate and Download Certificate to download the certificate bundle from the cluster node.
  The certificate bundle is a .zip file you must unpack. It contains both the CA certificate and a TLS certificate in .pem format.
- The downloaded certificates can now be copied to the machine where the other Entrust product is installed. For information about the location, see the guide relevant to your system: Installation and Upgrade Guide or the OVA Installation Guide.
External Database
If KeySafe 5 is configured to use an external MongoDB server, this is indicated by the following KeySafe 5 setting:
MongoDB Database Mode: External
To configure KeySafe 5 to use an external MongoDB server, follow the steps below.
Before You Begin
Ensure you have the following information:
- MongoDB server hostname or IP address
- MongoDB replica set name
- CA Certificate (in pem format)
- Client Certificate (in pem format)
- Client private key
- Client private key passphrase (if required)
Optionally you may require:
- Username
- Password
- Authentication database name
Procedure
Entrust recommends that this procedure is performed on the master node.
- Log into the KeySafe 5 Appliance Management UI using an account with Security Admin privileges.
- In the top menu bar, click Settings.
- In the Application Settings section, click KeySafe5 Settings.
- Click Configuration Options > MongoDB.
- Select External MongoDB Database as the MongoDB Database Mode.
- Populate the form using the information gathered above.
- Click Test Configuration to verify the connection to the external MongoDB server.
  - If this fails, verify that the information entered is correct and that the KeySafe 5 cluster has network access to the external MongoDB server.
- Click Apply.
  - KeySafe 5 will now restart its internal services and distribute the configuration change to all other nodes. This will take a few minutes to complete.
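Before populating the form, or when Test Configuration fails, the certificate material itself can be checked offline. The following is an added example, not part of the Entrust documentation: it uses the OpenSSL command line, and the file names, the KEY_PASS variable and the 30-day threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the CA certificate, client certificate and
# client private key before they are entered in the External MongoDB form.
# File names, KEY_PASS and the 30-day default are assumptions, not KeySafe 5 values.

check_mongo_tls_bundle() {  # usage: check_mongo_tls_bundle CA.pem CLIENT.pem CLIENT.key [MIN_DAYS]
  local ca="$1" cert="$2" key="$3" days="${4:-30}" cert_pub key_pub rc=0

  # 1. The client certificate must chain to the CA and be usable as a TLS client cert.
  openssl verify -purpose sslclient -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: $cert does not verify against $ca"; rc=1; }

  # 2. The client certificate must remain valid for at least MIN_DAYS more days.
  openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1 \
    || { echo "FAIL: $cert is expired or expires within $days days"; rc=1; }

  # 3. The private key must belong to the certificate: compare their public keys.
  #    KEY_PASS (optional environment variable) carries the key passphrase, so it
  #    is not passed to openssl as a command-line argument.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
  if ! key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$key" -pubout \
                   -passin env:KEY_PASS 2>/dev/null); then
    echo "FAIL: cannot read $key (wrong or missing passphrase?)"; rc=1
  elif [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $cert"; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: bundle is consistent"
  return "$rc"
}

# Builds a throwaway CA and client certificate (constructed sample data) so the
# check can be tried offline.
make_demo_bundle() {  # usage: make_demo_bundle DIR
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -out "$1/client.pem" 2>/dev/null
}
```

The same function can be run on the unpacked bundle from the internal database procedure by passing the private key that was used to create the CSR.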