Adding an image certificate or certificate request

You can add more image certificates or certificate requests for use with IBM Security Guardium Key Lifecycle Manager. Before you begin, determine your site policy on the use of certificates.

About this task

You can use the Create Certificate dialog. Alternatively, you can use the following REST services to create certificates or certificate requests:
  • Create Certificate REST Service
  • Certificate Generate Request REST Service
Your role must have the permissions to the create action and to the appropriate device group. To make this certificate the default, your role must have permission to the modify action.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on the Welcome page, select DS8000.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click DS8000 and select Manage keys and devices.
      5. On the management page for DS8000, click Add.
      6. Click Certificate.
    • REST interface:
      • Open a REST client.
  2. Create a certificate or request a certificate.
    • Graphical user interface:
      1. On the Create Certificate page, select either a self-signed certificate, or a certificate request for a third-party provider.
      2. Specify values for the required and optional parameters. Then, click Create Certificate.
    • REST interface:
      • Certificate
        Use Create Certificate REST Service to create a certificate and a public and private key pair, and store the certificate in an existing keystore. For example, you can send the following HTTP request by using a REST client:
        POST https://localhost:port/SKLM/rest/v1/certificates
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language: en
        {"type":"selfsigned","alias":"sklmCertificate","cn":"sklm","ou":
        "sales","o":"myCompanyName","usage":"DS8000","country":"US","validity":
        "999","algorithm":"RSA"}
      • Certificate request
        Use Certificate Generate Request REST Service to create a PKCS #10 certificate request file. For example, you can send the following HTTP request by using a REST client:
        POST https://localhost:port/SKLM/rest/v1/certificates
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"type":"certreq","alias":"sklmCertificate3","cn":"sklm","ou":
        "sales","o":"myCompanyName","usage":"DS8000","country":"US","validity":
        "999","fileName":"myCertRequest3.crt","algorithm":"ECDSA"}

What to do next

Your next action depends on whether you created a certificate or a certificate request.
  • Certificate:

    You can associate a certificate with a specific storage image.

  • Certificate request:

    Manually send the certificate request to a certificate authority. When the signed certificate returns, import the certificate by using a pending action item on the Welcome panel, or by using the Certificate Import REST Service.