You can import a signed certificate or a certificate chain of trust by using the pending
certificates link on the Welcome page of the graphical user interface or the
Certificate Direct Import REST Service.
Before you begin
Before you begin, ensure that the alias of the incoming certificate matches the alias of a
previous certificate signing request. Write the certificate file to a temporary directory.
Retrieve the alias of the original certificate signing request for use when you import the
returned certificate, which must specify the correct alias.
To look up the X.500 subject name of a certificate signing request to determine whether it matches
the X.500 subject name of the certificate, run the Certificate List REST Service, by specifying
the state attribute with a value of pending.
To look at the subject name of the certificate file, you might take
these steps:
- Windows systems:
  Open the certificate file directly. A Windows native utility displays the information in the
  certificate in readable format.
- Other systems:
  Import the certificate into IBM Security Guardium Key Lifecycle Manager by using a new alias.
  Then, run the Certificate List REST Service, specifying the alias to view the certificate
  information.
About this task
You can import a single end-entity certificate or a certificate chain of trust. A
certificate chain of trust can include an end-entity certificate, one or more intermediate
certificate authority (CA) certificates, and a root CA certificate. If you import and trust a
certificate chain of trust, all the certificates in the chain are trusted.
Procedure
- Using graphical user interface
  - Log in to the graphical user interface. The Welcome page is displayed.
  - In the Action Items section of the Welcome page, in the Key Groups and Certificates area,
    click Third-party certificates pending import.
  - In the Pending Certificates table, select the pending certificate that you want to import.
  - Click Import.
  - Upload the returned certificate. The returned certificate can be an end-entity
    certificate or a certificate chain of trust.
    Note: If you import a certificate chain of trust, all the certificates in the chain are
    trusted.
    You can upload a certificate by using one of the following options:
    - File
      - Select this option to upload a certificate file. Click Browse to go to
        the directory where the certificate file is stored. Select the file and click
        Open.
    - Certificate content
      - Select this option to upload the certificate content. When you select this option,
        a text box is displayed. Enter the certificate content in the text box.
        Ensure that the certificate content includes BEGIN CERTIFICATE and END CERTIFICATE
        statements.
  - Click Import.
- Using REST interface
  - Open a REST client. For more information, see Using Swagger UI.
  - Authenticate and authorize to access the IBM Security Guardium Key Lifecycle Manager REST
    services. For more information, see Authentication process for REST services.
  - Run the Certificate Direct Import REST Service.
    In the request body, you can select the certificate file or enter the
    certificate text. Specify the alias of the certificate. For the usage parameter,
    specify the value as SSLSERVER.
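Because every certificate in an imported chain becomes trusted, it helps to confirm what the returned content contains before you upload it. The following is an added example, not part of the product or its documentation: a standard-library Python check that the content has balanced BEGIN CERTIFICATE and END CERTIFICATE statements, that each body decodes to one complete DER SEQUENCE, and how many certificates the chain holds, with a SHA-256 fingerprint for each. The function names and the sample blocks are constructed for illustration; the check does not parse subject names.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block, including its BEGIN/END statements.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL)

def der_length_ok(der):
    """True if der is one DER SEQUENCE whose length field covers all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_pem(text):
    """Return one SHA-256 fingerprint per certificate; ValueError if malformed."""
    begins = text.count("-----BEGIN CERTIFICATE-----")
    ends = text.count("-----END CERTIFICATE-----")
    blocks = PEM_BLOCK.findall(text)
    if begins == 0 or begins != ends or len(blocks) != begins:
        raise ValueError("missing or unbalanced BEGIN/END CERTIFICATE statements")
    prints = []
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:         # binascii.Error is a ValueError
            raise ValueError(f"certificate {i}: body is not valid base64") from exc
        if not der_length_ok(der):
            raise ValueError(f"certificate {i}: not a complete DER SEQUENCE")
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def fake_pem(der):
    # Constructed placeholder block: structurally DER, not a real certificate.
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed two-entry "chain" for demonstration only.
SAMPLE_CHAIN = fake_pem(b"\x30\x03\x02\x01\x01") + fake_pem(b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    for n, fp in enumerate(inspect_pem(SAMPLE_CHAIN), 1):
        print(f"certificate {n}: sha256={fp}")
```

To check a real file, pass its text to `inspect_pem` and confirm that the number of fingerprints matches the number of certificates you expect to trust.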
What to do next
After the certificate or certificate chain of trust is imported, it is listed in the
server certificates table. To view the table, go to . Use the options on the Server
Certificates tab to manage the imported certificate or certificate chain of trust. For
more information, see Managing server certificates.