OpenSSL is one tool that can be used to make the PKCS12 file in the proper format for loading in the HDS Setup Tool. There are other ways to do this, and we do not support or promote one way over another.
If you do choose to use OpenSSL, we are providing this procedure as a guideline to help you create a file that meets the X.509 certificate requirements in Complete the Prerequisites for Hybrid Data Security. Understand those requirements before you continue.
Start this procedure when you receive the server certificate from your Certificate Authority (CA).
When you receive the server certificate from your CA, save it as hdsnode.pem.
Display the certificate as text, and verify the details.
openssl x509 -text -noout -in hdsnode.pem
Use a text editor to create a certificate bundle file called hdsnode-bundle.pem. The bundle file must include the server certificate, any intermediate CA certificates, and the root CA certificates, in the format below:
### Server certificate. ###
### Intermediate CA certificate. ###
### Root CA certificate. ###
Create the .p12 file with the friendly name kms-private-key.
Enter a password at the prompt to encrypt the private key so that it is listed in the output. Then, verify that the private key and the first certificate include the lines friendlyName: kms-private-key.
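
The bundle, export and friendlyName check from the steps above, as an added example that is not part of the original page. The file names hdsnode.key, intermediate.pem, root.pem and hdsnode.p12, the P12_PASS variable and the self-signed test certificates are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. All functions work in the current directory.
# Assumed names: hdsnode.key, intermediate.pem, root.pem, hdsnode.p12, P12_PASS.
FRIENDLY=kms-private-key

# Constructed test input: three self-signed stand-ins for the files a CA would return.
# They are not a real chain; the export below does not validate the chain.
make_test_files() {
  for n in hdsnode intermediate root; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$n" \
      -keyout "$n.key" -out "$n.pem" 2>/dev/null || return 1
  done
}

# Bundle order from the procedure: server certificate, intermediate CA, root CA.
build_bundle() {
  cat hdsnode.pem intermediate.pem root.pem > hdsnode-bundle.pem
}

# Fail early if the private key does not belong to the server certificate.
key_matches_cert() {
  cert_pub=$(openssl x509 -in hdsnode.pem -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in hdsnode.key -pubout | openssl sha256)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Create the .p12 with the friendly name; the password is read from P12_PASS,
# so it does not appear in the process list.
make_p12() {
  openssl pkcs12 -export -inkey hdsnode.key -in hdsnode-bundle.pem \
    -name "$FRIENDLY" -out hdsnode.p12 -passout env:P12_PASS
}

# Count the friendlyName lines; expect one for the first certificate and one for the key.
# The key is re-encrypted on output (-passout), mirroring the password prompt in the procedure.
friendly_count() {
  openssl pkcs12 -in hdsnode.p12 -passin env:P12_PASS -passout env:P12_PASS 2>/dev/null |
    grep -c "friendlyName: $FRIENDLY"
}

# Demo in a throwaway directory with a constructed password.
( umask 077; export P12_PASS=constructed-test-pass; cd "$(mktemp -d)" &&
  make_test_files && build_bundle && key_matches_cert && make_p12 &&
  echo "friendlyName lines: $(friendly_count)" )
```

With real files from your CA, skip make_test_files and place hdsnode.pem, hdsnode.key and the CA certificates in the working directory before calling the other functions.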