Managing certificates

Administrators can update the IBM® Security Verify Governance application server certificate.

About this task

When the certificates are added to the store, you can use them to securely connect with different endpoints.

Certificates are typically supplied to a particular computer or service. The certificate store is typically managed by virtual appliance administrators.

You can accomplish the following common certificate management tasks:

Examining properties of certificates.
Identifying certificates due for renewal.
Finding certificates.
Importing certificates.
Exporting or backing up certificates.

Procedure

From the top-level menu of the Appliance Dashboard, select Configure > Manage Server Setting > Certificates.
The Certificate Stores page displays the certificate database. For example,
- IBM Security Verify Governance key store
- Local Management Interface key store
- Filebeat key store
- OpenID Connect Provider key store
The Certificate Stores table displays these columns.

Certificate Database Name

The display name that is associated with the database.

Type

The type that is associated with the database. For example, JKS.
Select the certificate store for which you want to see the certificates.
Click Edit.
When you select the database to edit it, the navigation path is displayed on the Certificates page. The navigation path identifies the keystore that you are currently editing. For example, the path is Certificate Stores > IBM Security Verify Governance key store > Certificates.
On the Certificates page, the certificates are specified under these tabs.
Note: Not all certificate stores have both tabs.
- Personal
- Signer
These tabs display the following certificate columns.

Label

The display name that is associated with the certificate.

Subject

The name of the workstation, device, or certificate authority to whom the certificate is supplied.

Issuer

Information about the certificate authority that supplied the certificate.

Not Valid Before

The date and time from which the certificate is valid.

Not Valid After

The date and time after which the certificate is no longer valid.

Key Size

The key length that is associated with the certificate.

Version

The X.509 version number.

On the Certificates page, do one of the following actions from the toolbar.

Option	Description
Update	Note: When you update a certificate in the Personal tab, the existing certificate is replaced by the new one. The existing certificate is not available after the update action. Confirm your action before you update the certificate. You can have only a single certificate in the Personal tab. In the Personal tab, do these steps. Select a certificate record. Click Update to display the Upload Certificate window. Click Browse to search and select the file that you want to import. The certificate information is displayed in the Files to upload table. In Label, specify an ID for the certificate. In Password, specify a password. Select a certificate type from the Type list. PKCS#12 JKS JCEKS CMS Click Save.
Import	In the Signer tab, do these steps. Click Import to display the Import Certificate window. Click Browse to search and select the file that you want to import. The certificate information is displayed in the Files to upload table. In Label, specify an ID for the certificate. Click Save. Restart the server after you import a certificate.
Export	Select a certificate record. Click Export to back up the certificate. Specify a location where you want to back up the exported certificate.
Refresh	Click Refresh to update the list of displayed certificates.
Delete	Note: Signer certificates can be deleted. Personal certificates cannot be deleted. Select a certificate from the certificate store. Click Delete.