Import the KMC CA certificates on each RSA KMS

The KMC CA certificate files are required on the RSA KMS. Install the files in the Windows Trusted Root Certificate Authority store. If you have more than one RSA KMS, install the certificates on each RSA KMS.

About customer-provided certificates

If using a customer-provided client certificate, you must first import the KMC CA certificates provided with the installation. Once the RSA KMS installation and configuration chapters are complete, load the customer-provided KMC CA certificates. For instructions about loading customer-provided KMC certificates, see the "Manage KMC Certificates" in the Security Configuration Guide.

Procedure 

1. Go to the following folder on the RSA KMS:

   <KMS_media_folder>\<KMCerts>

2. Using the Windows Certificate Snap-in, import the following files into the Windows Trusted Root Certificate Authorities store of the RSA KMS:

   • I360KMCACert.pem

   • I360KMCACert_BackwardCompatibility.pem

3. Verify two KMClientCA entries are displayed under the Trusted Root Certification Authorities > Certificates store.

Related topics 

For information about adding the Windows Certificate Snap-in and importing certificates, see Install IIS TLS certificates on the RSA KMS.