The WKD will pull public keys from EKM on each request. Therefore, the WKD server needs to be able to access the EKM over the internal network. Use this option if you want a simple setup. The advantage is that WKD doesn’t need to have its own database.
If your organization restricts traffic from the DMZ to the LAN, use the push option instead.
You’ll need to set the following properties on the WKD to enable the Pull Sync option:
Property | Description |
---|---|
store.type | Pull public keys from EKM. Example: LivePullFromEkmStore |
store.ekm.url | URL where the WKD can reach the EKM over the internal network. Example: https://ekm.your.org |
truststore.file (optional) | Java trust store which holds public certificates/keys used to verify HTTPS cert on EKM. Example: truststore.p12 |
truststore.password (optional) | Password for the truststore file. Example: password |
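
A pre-deployment check for the four properties above, added here as an example and not part of the WKD or EKM software. It assumes the settings live in a Java-style `key=value` properties file, that `store.ekm.url` should use HTTPS, and that the two truststore settings are set together; the host names and paths in the sample data are constructed.

```python
from urllib.parse import urlparse

def parse_properties(text):
    """Parse simple key=value lines (assumed Java .properties style)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # skip blanks and comments
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_pull_sync(props):
    """Return a list of problems with the Pull Sync settings; empty means OK."""
    problems = []
    if props.get("store.type") != "LivePullFromEkmStore":
        problems.append("store.type is not LivePullFromEkmStore")
    url = urlparse(props.get("store.ekm.url", ""))
    if url.scheme != "https" or not url.hostname:
        # Assumption: plain HTTP to the EKM is treated as a misconfiguration.
        problems.append("store.ekm.url is not an https:// URL with a host")
    elif url.hostname == "ekm.your.org":
        problems.append("store.ekm.url still holds the documentation example host")
    has_file = bool(props.get("truststore.file"))
    has_pass = bool(props.get("truststore.password"))
    if has_file != has_pass:
        # Assumption: the optional truststore settings only make sense as a pair.
        problems.append("truststore.file and truststore.password are not set together")
    if props.get("truststore.password") == "password":
        problems.append("truststore.password still holds the documentation example value")
    return problems

# Constructed sample configurations (not taken from a real deployment).
SAMPLE_GOOD = """
# Pull Sync against an internal EKM
store.type=LivePullFromEkmStore
store.ekm.url=https://ekm.corp.example
truststore.file=/etc/wkd/truststore.p12
truststore.password=constructed-Passphrase-1
"""
SAMPLE_BAD = """
store.type=LivePullFromEkmStore
store.ekm.url=http://ekm.corp.example
truststore.file=truststore.p12
truststore.password=password
"""

if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_pull_sync(parse_properties(text)))
```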