For external key management, you import two types of certificates for authentication between the storage array and the key management server so the two entities can trust each other.
A client certificate validates the storage array’s controllers, so the key management server can trust their Key Management Interoperability Protocol (KMIP) requests. To obtain a client certificate, you use System Manager to complete a CSR for the storage array. You can then upload the CSR to a key management server and generate a client certificate from there. Once you have a client certificate, copy that file to the host where you are accessing System Manager.
A key management server certificate validates the key management server, so the storage array can trust its IP address. Retrieve the server certificate file from the key management server, and then copy that file to the host where you are accessing System Manager.