How to Identify the EKM SSL Port1. Start the Encryption Key Manager server using the command line.v On Windows, navigate to cd c:\ekm and click startServer.batv On Linux platforms, navigate to /var/ekm and enter startServer.shv See “Starting, Refreshing, and Stopping the Key Manager Server” on page5-1 for more information.2. Start the CLI client using the command line.v On Windows, navigate to cd c:\ekm and click startClient.batv On Linux platforms, navigate to /var/ekm and enter startClient.shv See “The Command Line Interface Client” on page 5-5 for more information.3. Login to a CLI client on the Encryption Key Manager server using thefollowing command:login –ekmuser userID –ekmpassword passwordwhere userID = EKMAdmin and password = changeME (This is the defaultPassword. If you previously changed the default password use your newpassword.)Once login is successful User successfully logged in is displayed.4. Identify the SSL port by entering the following command:statusThe displayed response should be similar to this: server is running. TCPport: 3801, SSL port: 443.Make a note of the SSL configured port and ensure it is the port used toconfigure your library-managed encryption settings.5. Logout from the command line. Enter the following command:exitClose the command window.Generating Keys and Aliases for Encryption on LTO 4 and LTO 5The Dell Encryption Key Manager Server GUI is the easiest way to generatesymmetric encryption keys (see “Using the GUI to Create a Configuration File,Keystore, and Certificates” on page 3-5). You can also use the Keytool utility togenerate symmetric encryption keys. Keytool is especially useful for importing andexporting keys between different keystores. See “Importing Data Keys UsingKeytool -importseckey ” on page 3-12 and “Exporting Data Keys Using Keytool-exportseckey ” on page 3-12 for details.Keytool is a utility for managing keys, certificates, and aliases. It enables you togenerate, import, and export your encryption data keys and store them in akeystore.Each data key in the keystore is accessed through a unique alias. An alias is astring of characters, such as 123456tape. In JCEKS keystores, 123456Tape would beequivalent to 123456tape and allow access to the same entry in the keystore. Whenyou use the keytool -genseckey command to generate a data key, you specify acorresponding alias in the same command. The alias enables you to identify thecorrect key, in the correct key group and keystore, for use in writing and readingencrypted data on LTO 4 and LTO 5 tape.Chapter 3. Installing the Encryption Key Manager and Keystores 3-9||