Setting up mTLS authentication
Mutual authentication (mTLS) requires the exchange of public certificates between EKMF Web and IBM Security Guardium Key Lifecycle Manager.
Procedure
- Import the EKMF Web certificate. When you import the EKMF Web certificate, for the "Trust this certificate for" field, select the EKMF Web option. For instructions, see Importing a system peripheral certificate.
- Create an IBM Security Guardium Key Lifecycle Manager server certificate that you want to be trusted in EKMF Web. For instructions, see Creating a server certificate. You can also use an existing server certificate.
- Download the IBM Security Guardium Key Lifecycle Manager server certificate. For instructions, see Downloading a server certificate.
- Import the downloaded server certificate in EKMF Web to trust IBM Security Guardium Key Lifecycle Manager requests.
- Import the downloaded server certificate in ICSF and associate the certificate with a user. The credentials of this associated user are used when a client connects with this certificate. For more information, see the Support for mTLS section in the EKMF Web documentation.
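
A check worth running between the download and import steps, shown here as an added example that is not part of the product documentation: it confirms that the certificate file about to be imported into a trust store is the one that was exported, and that it is not close to expiry. The script name, file name and recorded fingerprint are assumptions; the functions use only the standard `openssl x509` command and accept PEM or DER files.

```shell
#!/bin/sh
# Added example: pre-import checks for an exchanged certificate file.
# File names and the recorded fingerprint are assumptions, not product values.

# Print the SHA-256 fingerprint (upper-case hex, no colons) of a PEM or DER file.
cert_fingerprint() {
    for form in PEM DER; do
        fp=$(openssl x509 -in "$1" -inform "$form" -noout \
                 -fingerprint -sha256 2>/dev/null) || continue
        printf '%s\n' "${fp#*=}" | tr -d ':' | tr 'a-f' 'A-F'
        return 0
    done
    return 1
}

# check_before_import FILE EXPECTED_FP [MIN_DAYS]
# Returns 0 only if FILE parses as a certificate, matches the fingerprint
# recorded on the exporting system, and stays valid for MIN_DAYS (default 30).
check_before_import() {
    file=$1
    min_days=${3:-30}
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    actual=$(cert_fingerprint "$file") || {
        echo "unreadable certificate: $file" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: $file" >&2
        return 3
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    for form in PEM DER; do
        if openssl x509 -in "$file" -inform "$form" -noout \
               -checkend $((min_days * 86400)) >/dev/null 2>&1; then
            return 0
        fi
    done
    echo "expires within $min_days days: $file" >&2
    return 4
}

# Command-line use: sh check_cert.sh sklm_server.cer <fingerprint> [days]
if [ "$#" -ge 2 ]; then
    check_before_import "$@"
    exit $?
fi
```

Record the fingerprint on the system that issued the certificate and pass it to the check on the importing side over a separate channel from the file itself.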