You can modify the communication certificates for the devices in the IBM Security Guardium Key Lifecycle Manager database.
Before you begin
Ensure that you have the klmSecurityOfficer and PEER_TO_PEER roles.
About this task
You can update the communication certificate for one device or for multiple devices at a time.
You can update the certificate for devices in multiple PEER_TO_PEER device groups that have the
same WWNN (worldwide node name) value as in the new certificate. Ensure that the new certificate is
signed by a certificate authority (CA) and is trusted in IBM Security Guardium Key Lifecycle Manager.
Procedure
- To update a single device certificate, use the graphical user interface:
  - Log on to the graphical user interface.
  - In the Key and Device Management section on the Welcome page, select PEER_TO_PEER.
  - Click .
  - Alternatively, right-click PEER_TO_PEER and select Manage keys and devices.
  - On the management page for PEER_TO_PEER, select a device.
  - Click Modify.
  - Alternatively, right-click a device and then select Modify, or double-click a device entry.
  - On the Modify Device Certificate dialog box, select a certificate that has the same WWNN as the earlier device certificate.
  - Click Modify.
    The device information is changed in the table.
- To update multiple device certificates with a new certificate, use the REST interface:
  - Open a REST client.
  - Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
  - Run the Bulk Certificate Update REST Service.
What to do next
Verify the updates.