尝试使用外部密钥管理器 (DD OS) 7.1 (KeySecure) 启用加密

Summary: 使用 KeySecure 配置的加密密钥管理未完成,并显示“无法同步密钥”等错误。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

KeySecure 服务器日志不显示 Data Domain 尝试通信。防火墙端口已打开。显示错误:

Error message : Failed to synchronize keys, error code = 5308

Data Domain 文件系统 (FS) ddfs信息日志显示以下内容:

9/21 18:40:22.025 (tid 0x7f032e42cd50): INFO: dd_km_plugin_finalize_intern_keysecure: KeySecure is not configured, will not finalize
09/21 18:40:30.019 (tid 0x7f032e42cd50): ERROR: dd_km_plugin_init_intern_keysecure: KeySecure plugin initialization failure. Error : -75
09/21 18:40:38.010 (tid 0x7f032e42cd50): ERROR: dd_km_plugin_get_active_key_by_class_keysecure: Failed to synchronize keys. Status: -75
09/21 18:40:38.010 (tid 0x7f032e42cd50): NOTICE: [cp_keys_enable_ext_key_mgr] Error [Failed to synchronize keys] in retrieving the active key
09/21 18:40:48.000 (tid 0x7f032e42cd50): ERROR: KeySecure is not configured correctly. Response status : -75
09/21 18:40:48.000 (tid 0x7f032e42cd50): ERROR: [dd_keysecure_plugin_get_dd_err] KMIP returned error[-75]
09/21 18:40:56.181 (tid 0x7f032e42cd50): ERROR: KeySecure is not configured correctly. Response status : -75
09/21 18:40:56.181 (tid 0x7f032e42cd50): ERROR: [dd_keysecure_plugin_get_dd_err] KMIP returned error[-75]

Cause

在使用外部证书颁发机构时,将证书链中的所有证书导入到 Data Domain。中间证书颁发机构 (CA) 的证书必须作为 KeySecure 的可信证书导入到 DD 中。

Resolution

请参阅 DD OS 和 Gemalto 的 SafeNet KeySecure 集成指南,以验证是否已遵循所有步骤。(需要以注册用户身份登录戴尔支持才能查看此文档。)如果问题仍然存在,请从本地网络安全团队获取有关为 KeySecure SSL 证书导入中间 CA 的说明。

Affected Products

Data Domain
Article Properties
Article Number: 000183757
Article Type: Solution
Last Modified: 28 Mar 2025
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.