As a first activity, create image certificates or certificate requests for IBM Security Guardium Key Lifecycle Manager.
About this task
You can use the
Create Certificate dialog or any of the following REST
services to create certificates or certificate requests:
- Create Certificate REST Service
- Certificate Generate Request REST Service
Your role must have the permissions to the
create action and to the appropriate device group. To make this certificate the default, your role
must have permission to the modify action.
Procedure
-
Go to the appropriate page or directory.
- Graphical user interface:
- Log on to the graphical user interface.
- In the Key and Device Management section on Welcome page, select
DS8000.
- Click .
- Alternatively, right-click DS8000 and select Guided key and
device creation.
- REST interface:
-
Create an image certificate or request a certificate.
- Graphical user interface:
- On the On Step 1: Create Certificates page, click
Create on the Certificates table.
- On the Create Certificate dialog, select either a self-signed certificate,
or a certificate request for a third-party provider.
- Specify values for the required and optional parameters.
- Click Create Certificate.
- REST interface:
- Certificate
- Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the
authentication process, see Authentication process for REST services.
- To invoke the Create Certificate REST Service, send the HTTP POST request.
Pass the user authentication identifier that you obtained in
Step a
along with the
request message as shown in the following
example:POST https://localhost:port/SKLM/rest/v1/certificates
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language : en
{"type":"selfsigned","alias":"sklmCertificate","cn":"sklm","ou":"sales",
"o":"myCompanyName","usage":"DS8000","country":"US","validity":"999", "
algorithm ": " RSA " }
- Certificate request
Use the
Certificate Generate Request REST Service to
create a
PKCS #10
certificate request file. For example, you can send the following
HTTP request by using a REST
client:
POST https://localhost:port/SKLM/rest/v1/certificates
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
{"type":"certreq","alias":"sklmCertificate3","cn":"sklm","ou":"sales","o":
"myCompanyName","usage":"DS8000","country":"US","validity":"999","fileName":
"myCertRequest1.crt","algorithm":"ECDSA"}
What to do next
Next, go to the next step to define specific storage images, and specify certificates for the
storage images. Select Step 2: Identify Images or click Go to Next
Step.