Integrating Ranger KMS DB with CipherTrust Manager HSM

How to integrate Ranger KMS DB with CipherTrust Manager HSM.

This task describes how to integrate Ranger KMS DB with CipherTrust Manager Hardware Security Module (HSM). This process includes configuring the NAE port in Thales Cipher Trust Manager, configuring Ranger DB KMS to interact with Thales CipherTrust HSM, or, migrating Ranger KMS DB Master Key To CipherTrust Manager HSM, and migrating the master key from CipherTrust Manager HSM to Ranger KMS DB.

Ensure you have Thales CipherTrust Manger installed in your enivronment.
Ensure you have Java (jdk1.8.0.232) installed.

Configure NAE port in Thales CipherTrust Manager

Log in to Thales CipherTrust Manager.
In CipherTrust Manager > Admin Settings, select Add Interface.
In Type, Select NAE (default).
In Network Interface, selectAll.
In Port, type a value for the port number.
9000
In Mode, select one of the following options to match your environment:
- No TLS, user must supply password.
- TLS, Ignore client cert. user must supply password.
Click Add.
If selected mode is TLS, ignore client cert, user must supply password while adding interface, then click Edit and Download Current Certificate as shown in the images below. Else, skip this step.
After the certificate is downloaded (e.g -Certificate_nae.txt) copy it to Ranger KMS server
Create a directory on Ranger KMS serverhost under /etc/security.
```
mkdir etc/security/serverKeys
```
and scp the downloaded certificate to this directory. Ensure that the user has required access to the file
```
chown kms:kms etc/security/serverKeys/Certificate_nae.txt
```
```
chmod 755 etc/security/serverKeysCertificate_nae.txt
```
Create a user.
1. Go toAccess Management > Users, click Create New User .
2. In Create a New User, provide a username, password, and any required information.
3. Click Create.