Manage Key Management Interoperability Protocol (KMIP) servers in CloudLink Center A KMIP server is used to store public and private keys for encrypted machines. NOTE: The KMIP Server menu is only available in the CloudLink Center Contents panel after a KMIP license is uploaded. CloudLink Center supports the Key Management Interoperability Protocol (KMIP) to enable applications supporting that protocol to securely store keys and certificates. The applications, or KMIP clients, are given access to a single KMIP partition. A KMIP partition is a container for keys and certificates that are created by the client. Multiple clients can be assigned to the same partition. All objects within a partition are encrypted using a key that is saved to the keystore of a partition and are stored in the CloudLink Center database. NOTE: Adding KMIP clients and generating new certificates for KMIP clients functions are unavailable in Microsoft Edge and Internet Explorer. Use Mozilla Firefox or Google Chrome if you must add or modify KMIP clients or generate a new certificate. KMIP Client High Availability (HA) A KMIP Client provides high availability if one of the KMIP servers is unavailable. For example, a KMIP server may become unavailable unexpectedly due to a connection issue. A KMIP server may also become unavailable during periods of planned maintenance. The CloudLink KMIP Client HA supports a KMIP server cluster of up to four KMIP servers. Use the same KMIP certificates, keys, and credentials to access all the KMIP servers. Child TopicsChange KMIP server certificatesUse this procedure to change the KMIP server certificate if required. Change KMIP certificates if the hostnames in the certificate are no longer valid. Change Subject Alternate namesUse this procedure to change the additional host names used for the KMIP server certificate. Download KMIP server certificateUse this procedure to download the current KMIP server certificate. Generate CSR for KMIP serversUse this procedure to generate a certificate signing request (CSR). A certificate authority (CA) must sign the CSR as an intermediate certificate generated by the CloudLink Center. Upload KMIP server CA-signed certificateWhen you upload a KMIP server CA-signed certificate and an optional private key, the web server restarts and the connection is terminated. After uploading the CA-signed certificate, verify the subject, end date, and fingerprint. Any KMIP client certificates that are generated uses this CA-signed certificate. Change KMIP CSR server certificate lifetimeUse this procedure to change the maximum lifetime for KMIP server certificates. Manage KMIP partititionsThis topic provides information about managing KMIP partitions. Manage KMIP clientsThis topic provides information about managing KMIP clients.