Certificate Vision
The Certificate Vision page is a unified reporting dashboard that gives an insight into all IBM Security Guardium Key Lifecycle Manager system certificates, client device certificates, and user certificates.
You can identify the certificates that are expired or expiring. You can view the clear classification of certificates according to their device type, cryptographic algorithm, certificate issuers, and validity period.
This classification of certificates can help you decide on the next steps. For example, you can identify an expiring user certificate that is associated with a critical application in your environment. You can then replace the certificate in the application to avoid any operational disruption.
- User certificates
- The certificates that are added to a client as a key pair managed object or certificate managed object on the Clients page. User certificates also include the certificates that are associated with client devices that belong to the GPFS and PEER_TO_PEER device family.
- Server certificates
- The IBM Security Guardium Key Lifecycle Manager server certificates that are used to access the graphical user interface, Swagger UI, REST APIs, and key servers. These certificates are also used for establishing secure communication with EKMF Web.
- Trusted certificates
- The certificates of system peripherals (for example, LDAP, OIDC, EKMF Web) that are trusted in IBM Security Guardium Key Lifecycle Manager.
- Devices certificates
- The certificates that are used for secure communication between client devices and IBM Security Guardium Key Lifecycle Manager.
Certificate expiration summary
You can view the following certificate expiration summary of the certificates:
- Certificates Expired: The number of certificates that are expired.
- Certificates Expiring in next 30 days: The number of certificates that are expiring in the next 30 days.
- Certificates Expiring in next 90 days: The number of certificates that are expiring in the next 90 days.
Click each of the certificate type to view the list of certificates that are expired or expiring. For example, click User Certificates to view the user certificates that are expired or expiring. On the list, double-click a certificate to view its details. You can delete or replace the certificate.
Certificate Vision charts
- Device Type
- This chart plots the certificates according to the device type that they are associated with.
- Signature Algorithm
- This chart plots the certificates according to the signature algorithm that they use.
- Certificate Authorities
- This chart plots the certificates that are issued by a certificate authority (CA) or certificates that are self-signed.
- Validity Periods
- This chart plots certificates according to the validity periods.
On each chart, you can click a data plot to view the list of certificates. On the list view for Server, Trusted, and Devices certificates, you can import, modify, and delete a certificate. On the list view for User certificates that is displayed, you can delete and replace a certificate.
You can select or clear a legend to show or hide the data plot of a particular category. For example, if you select the User legend, the Device Type chart shows the data plot for user certificates only.