Installing TLS Certificates on the SKM Server for Pre-SKM 2.4 (240Q) 27Scalar Key Manager 2.5Note: Remember, you must repeat all preceding steps on the secondary SKMserver.16 Proceed to Configuring Your Library For SKM on page 38.Requirements forInstalling User-providedTLS CertificatesWhen providing your own certificates, it is assumed you understand the concepts of PKIand can access the tools or third-party resources needed to generate or obtaincertificates.Note: You must be running SKM 1.1 or higher on your SKM servers in order to installyour own TLS certificates.Note: If you install your own TLS certificates on the SKM server, you must also installyour own certificates on the library. Similarly, if you use the Quantum-providedTLS certificates on the SKM server, you must also use the Quantum provided TLScertificates on the library. Some newer libraries come with Quantum-providedTLS certificates pre-installed, and other newer libraries require certificateinstallation. See your library user’s guide for instructions on how to verifywhether TLS certificates are installed on the library and how to install them.You need to provide the following certificates:• Root Certificate (also called the CA certificate, or Certificate Authority Certificate)• Server Certificate• Admin CertificateThese files must be in the proper format, as follows. If any of the following requirementsis not met, none of the certificates will be imported.• The Root Certificate must be 2048 bits.• The Root Certificate must be in PEM format.• The Admin and Server certificates must be in pkcs12 (.p12) format, with a separatecertificate and private key contained in each.• The Admin and Server certificates must be signed by the Root Certificate.• Certificates must have the Organization name (O) set in their Issuer and Subject info.• The Admin certificate must have its Organizational Unit name (OU) set as“akm_admin” in its Subject Info.• The same Root Certificate must be installed on the SKM servers and the library.• All the certificates must have a valid validity period according to the date and timesettings on the SKM server.