Creating an image certificate or certificate request

As a first activity, create image certificates or certificate requests for IBM® Security Guardium® Key Lifecycle Manager.

About this task

You can use the Create Certificate dialog. Alternatively, you can use any of the following commands or REST services to create certificates or certificate requests:
  • tklmCertCreate or tklmCertGenRequest
  • Create Certificate REST Service or Certificate Generate Request REST Service
Your role must have the permissions to the create action and to the appropriate device group. To make this certificate the default, your role must have permission to the modify action.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on the Welcome page, select DS8000.
      3. Click Go to > Guided key and device creation.
      4. Alternatively, right-click DS8000 and select Guided key and device creation.
    • Command-line interface
      1. Go to the <WAS_HOME>/bin directory. For example,
        Windows
        cd drive:\Program Files\IBM\WebSphere\AppServer\bin
        Linux®
        cd /opt/IBM/WebSphere/AppServer/bin
      2. Start the wsadmin interface by using an authorized user ID, such as SKLMAdmin. For example,
        Windows
        wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
        Linux
        ./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
    • REST interface:
      • Open a REST client.
  2. Create an image certificate or request a certificate.
    • Graphical user interface:
      1. On the Step 1: Create Certificates page, click Create on the Certificates table.
      2. On the Create Certificate dialog, select either a self-signed certificate, or a certificate request for a third-party provider.
      3. Specify values for the required and optional parameters.
      4. Click Create Certificate.
    • Command-line interface:
      • Certificate

        Type tklmCertCreate to create a certificate and a public and private key pair, and store the certificate in an existing keystore. For example, type:

        print AdminTask.tklmCertCreate('[-type selfsigned -alias sklmCertificate -cn sklm -ou sales -o myCompanyName -usage DS8000 -country US -keyStoreName defaultKeyStore -validity 999]')
      • Certificate request

        Type tklmCertGenRequest to create a PKCS #10 certificate request file. For example, type:

        print AdminTask.tklmCertGenRequest('[-alias sklmCertificate3 -cn sklm -ou sales -o myCompanyName -locality myLocation -country US -validity 999 -keyStoreName defaultKeyStore -fileName myCertRequest3.crt -usage DS8000]')
    • REST interface:
      • Certificate
        1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
        2. To invoke Create Certificate REST Service, send an HTTP POST request. Pass the user authentication identifier that you obtained in Step 1 along with the request message as shown in the following example.
          POST https://localhost:<port>/SKLM/rest/v1/certificates
          Content-Type: application/json
          Accept: application/json
          Authorization: SKLMAuth authId=139aeh34567m
          Accept-Language: en
          {"type":"selfsigned","alias":"sklmCertificate","cn":"sklm","ou":"sales",
          "o":"myCompanyName","usage":"DS8000","country":"US","validity":"999",
          "algorithm":"RSA"}
      • Certificate request
        Use Certificate Generate Request REST Service to create a PKCS #10 certificate request file. For example, you can send the following HTTP request by using a REST client:
        POST https://localhost:<port>/SKLM/rest/v1/certificates
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"type":"certreq","alias":"sklmCertificate3","cn":"sklm","ou":"sales",
        "o":"myCompanyName","usage":"DS8000","country":"US","validity":"999",
        "fileName":"myCertRequest1.crt","algorithm":"ECDSA"}
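
The two REST calls above, assembled with Python's standard library as an added example (not IBM's code). The helper names `build_cert_request` and `send` are hypothetical, the base URL and authId are supplied by the caller, and the port and authId in the sample are constructed placeholders.

```python
import json
import urllib.request

CERT_PATH = "/SKLM/rest/v1/certificates"  # endpoint path shown on this page


def build_cert_request(base_url, auth_id, fields):
    """Build, without sending, the POST for a certificate or certificate request.

    base_url, auth_id and fields are supplied by the caller (assumptions of
    this example); fields holds the JSON members shown on this page.
    """
    if not base_url.lower().startswith("https://"):
        # The authId authenticates the caller, so refuse a clear-text channel.
        raise ValueError("base_url must use https")
    if not auth_id or "\r" in auth_id or "\n" in auth_id:
        raise ValueError("auth_id is empty or contains a line break")
    # A padded member name such as " algorithm " is a different JSON key,
    # so trim keys and string values before serializing.
    clean = {k.strip(): v.strip() if isinstance(v, str) else v
             for k, v in fields.items()}
    return urllib.request.Request(
        base_url.rstrip("/") + CERT_PATH,
        data=json.dumps(clean).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": "SKLMAuth authId=" + auth_id,
            "Accept-Language": "en",
        },
    )


def send(request, timeout=30):
    """Send the request; urllib verifies the server certificate by default."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8")


if __name__ == "__main__":
    # Constructed sample: port and authId are placeholders, nothing is sent.
    req = build_cert_request("https://localhost:9443", "constructed-auth-id", {
        "type": "certreq", "alias": "sklmCertificate3", "cn": "sklm",
        "ou": "sales", "o": "myCompanyName", "usage": "DS8000",
        "country": "US", "validity": "999",
        "fileName": "myCertRequest1.crt", "algorithm": "ECDSA"})
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Running the file only prints the assembled request; call `send(req)` against your own server to submit it.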

What to do next

Next, go to the next step to define specific storage images and specify certificates for the storage images. Select Step 2: Identify Images or click Go to Next Step.