2. Generate the private key (client_private.key) 3. Generate a certificate signing request (.CSR) file from the private key (client.csr) 4. Remove the passphrase from the private key 5. Sign the SSL client.csr certificate 6. Create the client_private.pem chain file by concatenating client.pem wi th client_private.key 7. Import the Client device Certificate into Safenet (client.pem) 8. Verify PEM files with the OPENSSL test 9. Import the x.x.x.x_CA.pem into the Netapp with the security certificate install -type server-ca -subtype kmip-cert -kmip-server-ip <x.x.x.x> -vserver < cluster_vserver> - then hit enter twice so we see the message You should keep a c opy of the private key and the CA-signed digital certificate for future referenc e. which will return to the cluster shell. 10. Import the client_private.pem into the Netapp with the command security ce rtificate install -type client -subtype kmip-cert -vserver <cluster_vserver> 11. Run the security key-manager setup command to configure initial KMIP setting s 12. Then security key-manager add -address x.x.x.x to add the KMIP server 13. security key-manager create-key (Does not rekey disks) 14. security key-manager query 15. storage encryption disk modify -data-key-id