The three Key Custodians and the Domain Administrator must now authenticate themselves to the appliance in the Validate Credentials panel of the KMTool. For each role—Key Custodian 1, Key Custodian 2, Key Custodian 3, and Domain Administrator—follow these steps:
-
Select the appropriate Custodian role from the drop-down menu.
-
If your role is the Domain Administrator, provide your Admin Username (the default administrator username is administrator1) and the DID of your domain.
-
If the KC is physically located in front of the appliance, the KC inserts their USB token into the appliance.
-
Click Browse and select the appropriate KC credential file—it will have a filename that matches their role.
-
The KC types in their password to the credential file in the Password field.
-
Click Verify to ensure that the password unlocks the credential file correctly. If the password is correct, a message will appear on the bottom of the tool, as shown here:
-
If the password verification is successful, click Validate to send the credential to the appliance for validation. If the process works correctly, a success message will appear on the bottom of the screen: “Successfully validated [role]'s credential on server.” Once the DA and all KCs have successfully validated their credentials, KMTool will unlock the second and third panels.