Setting up mTLS authentication

Mutual authentication (mTLS) requires the exchange of public certificates between EKMF Web and IBM Security Guardium Key Lifecycle Manager.

Procedure

  1. Import the EKMF Web certificate. During the import, in the Trust this certificate for field, select the EKMF Web option.
  2. Create an IBM Security Guardium Key Lifecycle Manager server certificate that you want to be trusted in EKMF Web.
    For instructions, see Creating a server certificate. You can also use an existing server certificate.
  3. Download the IBM Security Guardium Key Lifecycle Manager server certificate.
    For instructions, see Downloading a server certificate.
  4. Import the downloaded server certificate in EKMF Web to trust IBM Security Guardium Key Lifecycle Manager requests.
  5. Import the downloaded server certificate in ICSF and associate the certificate with a user. The credentials of this associated user are used when a client connects with this certificate. For more information, see the Support for mTLS section in the EKMF Web documentation.
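
A pre-import check for steps 3 to 5, added here as an example and not taken from the IBM documentation: before the downloaded server certificate goes into the EKMF Web and ICSF trust stores, it confirms that the file carries the SHA-256 fingerprint recorded at the certificate's source and is not close to expiry. The function names, file names and the constructed self-signed certificate are assumptions, and the script needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example. Names and the constructed certificate below are assumptions.

# Emit the certificate as PEM whether the file is PEM or DER.
as_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# SHA-256 fingerprint as bare uppercase hex (no colons).
cert_fingerprint() {
    as_pem "$1" | openssl x509 -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    as_pem "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_before_import FILE EXPECTED_SHA256 MIN_DAYS
# Returns 0 if safe to import, 1 on mismatch or near expiry, 2 if unreadable.
check_before_import() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    have=$(cert_fingerprint "$1")
    [ -n "$have" ] || { echo "not a certificate: $1" >&2; return 2; }
    [ "$have" = "$want" ] || { echo "fingerprint mismatch: $have" >&2; return 1; }
    cert_valid_for_days "$1" "$3" || { echo "expires within $3 days" >&2; return 1; }
    echo "ok to import: $have"
}

# Demo on a constructed self-signed certificate standing in for the download.
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/key.pem" \
        -out "$d/server.pem" -days 30 -subj "/CN=constructed-server" 2>/dev/null
    openssl x509 -in "$d/server.pem" -outform DER -out "$d/server.der"
    recorded=$(cert_fingerprint "$d/server.pem")   # fingerprint taken at the source
    check_before_import "$d/server.der" "$recorded" 7
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```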

What to do next

Set up the master key in EKMF Web. For instructions, see Setting up the master key in EKMF Web.