Appendix B. Encryption Key Manager ConfigurationProperties FilesThe Encryption Key Manager requires two configuration property files: one for theEncryption Key Manager server, and one for the CLI client. Each of these files istreated and parsed as a Java.util.Properties load file, which imposes certainrestrictions on the format and specification of properties:v Configuration properties are recorded one-per-line. The value(s) for a givenproperty extend to the end of the line.v Property values, such as passwords, that contain spaces need not be enclosed inquotation marks.v Keystore passwords must not be greater than 127 characters in length.v Accidental whitespace at the end of a line may be interpreted as part of aproperty value.Sample configuration properties files are available for download athttp://support.dell.com in the EKMServicesandSamples file.Encryption Key Manager Server Configuration Properties FileThe following comprises the complete set of properties in the Encryption KeyManager server configuration file (KeyManagerConfig.properties). The order ofproperty settings in the file does not matter. Comments may appear in the file. Toadd a comment, use a “#” in the first column of a line.Note: Changes made to the KeyManagerConfig.properties file may be lost atshutdown. Therefore, be sure the Encryption Key Manager server is notrunning before editing configuration properties. To stop the Encryption KeyManager server issue the stopekm command from the CLI client. Yourchanges are activated when the Encryption Key Manager server is restarted.Admin.ssl.ciphersuites = valueSpecifies the cipher suites to be used for communication betweenEncryption Key Manager servers. A cipher suite describes thecryptographic algorithms and handshake protocols Transport LayerSecurity (TLS) and Secure Sockets Layer (SSL) use for data transfer.Required Optional.Values Possible values are any cipher suites supported byIBMJSSE2.Default JSSE_ALLAdmin.ssl.keystore.name = valueThis is the name of the database of key pairs and certificates used forSecure Socket Layer client operations such as sync commands betweenEncryption Key Manager Servers. In a sync operation, the certificate thatthe Secure Sockets client presents to the Secure Sockets server comes fromthis keystore.Required Optional. Used only with sync command. Defaults to valueof config.keystore.file property.B-1