Modifying a device

You can modify the communication certificates for the devices in the IBM Security Guardium Key Lifecycle Manager database.

Before you begin

Ensure that you have the klmSecurityOfficer and PEER_TO_PEER roles.

About this task

You can update the communication certificate for one device or for multiple devices at a time.

You can update the certificate for devices in multiple PEER_TO_PEER device groups that have the same WWNN (worldwide node name) value as in the new certificate. Ensure that the new certificate is signed by a certificate authority (CA) and is trusted in IBM Security Guardium Key Lifecycle Manager.

Procedure

  1. To update a single device certificate, use the graphical user interface:
    1. Log on to the graphical user interface.
    2. In the Key and Device Management section on Welcome page, select PEER_TO_PEER.
    3. Click Go to > Manage keys and devices.
    4. Alternatively, right-click PEER_TO_PEER and select Manage keys and devices.
    5. On the management page for PEER_TO_PEER, select a device.
    6. Click Modify.
    7. Alternatively, right-click a device and then select Modify, or double-click a device entry.
    8. On the Modify Device Certificate dialog box, select a certificate that has the same WWNN as the earlier device certificate.
    9. Click Modify.

      The device information is changed in the table.

  2. To update multiple device certificates with a new certificate, use the REST interface:
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run the Bulk Certificate Update REST Service.

What to do next

Verify the updates.