mTLS KMS configuration

mTLS protocol authentication is supported on MCM version 6.3.4 and is compatible with MCS 1.1.1 onwards. The mTLS configuration works on the SKY, CKS KMS, with valid certificates, config alias, and asset ID’s.

To configure SKY, CKS KMS for mTLS, follow the steps below.

  1. Navigate to KMS → Certificates on the MCM9000. Follow the steps here to upload the Certificate and Private Key needed for mTLS authentication.

     

     

  2. Navigate to KMS → KMS Configuration on the MCM9000.

  3. Click on the add icon highlighted in red to add a KMS type. Give a name and choose the Type as SKY, CKS from the dropdown.

 

3. Fill in the details appropriately.

Fields

Description

Name

Name of the KMS.

Type

Type of KMS (SKY, CKS).

Network

Select the network from the list; the selected Nic will be used to pull the Keys from the KMS system.

Server URL

The Server URL to connect to (Please follow the suggested URL structure).

**For mTLS, it is essential to specify the config alias and asset ID as shown in the Server URL structure.

Username

Username to access the SKY, CKS KMS.

Password

The password to access the SKY, CKS KMS.

Asset IDs

Asset IDs to be replaced in the URL.

Download repetition Rate

The repetition Rate field indicates the period of time that will be used by the system to re-inquire for the Keys.

Click on the toggle switch to disable the Download repetition Rate.

Click on Submit once you fill in all the fields.

4. Scan an OTT channel. Please refer to Scan for a detailed description of Scanning sources.

5. Navigate to Sources → Configuration and edit the channel to set the KMS type to SKY, CKS.

Click on Submit to save the configuration.

  1. The scanned source with SKY CKS, CENC encryption type can be viewed on the Output Mosaic as described in Configure Output Encoder and Viewing the Output Mosaic.