Creating an image certificate or certificate request

As a first activity, create image certificates or certificate requests for IBM Security Guardium Key Lifecycle Manager.

About this task

You can use the Create Certificate dialog or any of the following REST services to create certificates or certificate requests:
  • Create Certificate REST Service
  • Certificate Generate Request REST Service
Your role must have the permissions to the create action and to the appropriate device group. To make this certificate the default, your role must have permission to the modify action.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select DS8000.
      3. Click Go to > Guided key and device creation.
      4. Alternatively, right-click DS8000 and select Guided key and device creation.
    • REST interface:
      • Open a REST client.
  2. Create an image certificate or request a certificate.
    • Graphical user interface:
      1. On the On Step 1: Create Certificates page, click Create on the Certificates table.
      2. On the Create Certificate dialog, select either a self-signed certificate, or a certificate request for a third-party provider.
      3. Specify values for the required and optional parameters.
      4. Click Create Certificate.
    • REST interface:
      • Certificate
        1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
        2. To invoke the Create Certificate REST Service, send the HTTP POST request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example:
          POST https://localhost:port/SKLM/rest/v1/certificates
          Content-Type: application/json
          Accept : application/json
          Authorization: SKLMAuth authId=139aeh34567m
          Accept-Language : en
          {"type":"selfsigned","alias":"sklmCertificate","cn":"sklm","ou":"sales",
          "o":"myCompanyName","usage":"DS8000","country":"US","validity":"999", "
          algorithm ": " RSA " }
      • Certificate request
        Use the Certificate Generate Request REST Service to create a PKCS #10 certificate request file. For example, you can send the following HTTP request by using a REST client:
        POST https://localhost:port/SKLM/rest/v1/certificates
        Content-Type: application/json
        Accept : application/json
        Authorization: SKLMAuth authId=139aeh34567m
        {"type":"certreq","alias":"sklmCertificate3","cn":"sklm","ou":"sales","o":
        "myCompanyName","usage":"DS8000","country":"US","validity":"999","fileName":
        "myCertRequest1.crt","algorithm":"ECDSA"}

What to do next

Next, go to the next step to define specific storage images, and specify certificates for the storage images. Select Step 2: Identify Images or click Go to Next Step.