AddNewCertsToPending
Specifies whether to add a certificate to the list of pending certificates that you can accept or reject before key serving occurs, or to add a certificate automatically to the certificate table for immediate key service upon request. The attribute applies to predefined base device families and user-defined device groups.
To modify AddNewCertsToPending, you must have a role with permissions to modify a device group.
- AddNewCertsToPending={0 | 2}
- Specifies whether to add a certificate that contacts IBM Security Guardium Key Lifecycle Manager to a list of pending certificates that you can accept or reject before key serving occurs, or to add a certificate automatically to the certificate table for immediate key service upon request.
- Required
- Yes.
- Values
- 0 (manual)
- The auto pending function is off. All incoming certificates are rejected, and not added to the data store. You must manually add certificates.
The corresponding choice in the graphical user interface is Only accept manually added certificates for communication.
- 2 (auto pending)
- The auto pending function is on. All incoming certificates are added to a pending list, but are not automatically served keys upon request. You must accept or reject a certificate in the pending certificates list before the device is served keys upon request.
The corresponding choice in the graphical user interface is Hold new certificate requests pending my approval.
- Default
- 0 (off. You must manually add certificates to IBM Security Guardium Key Lifecycle Manager.)
- Example
AddNewCertsToPending=2
Suggested settings include:
Device group | Suggested value for AddNewCertsToPending attribute |
---|---|
GPFS | Manual (AddNewCertsToPending=0) is suggested. |
PEER_TO_PEER | Manual (AddNewCertsToPending=0) is suggested. |