Certificate Vision

The Certificate Vision page is a unified reporting dashboard that gives insight into all IBM® Security Guardium® Key Lifecycle Manager system certificates, client device certificates, and user certificates.

You can identify the certificates that are expired or expiring. You can also view a clear classification of certificates according to their device type, cryptographic algorithm, certificate issuer, and validity period.

This classification of certificates can help you decide on the next steps. For example, you can identify an expiring user certificate that is associated with a critical application in your environment. You can then replace the certificate in the application to avoid any operational disruption.

In the Certificate Vision page, the certificates are categorized into four types:
Note: These certificate categories do not include certificates that are used for the wrapping function in device groups such as 3592 and DS8000®, and their derived device groups.
User certificates
The certificates that are added to a client as a key pair managed object or certificate managed object on the Clients page. User certificates also include the certificates that are associated with client devices that belong to the GPFS and PEER_TO_PEER device family.
To view the complete list of user certificates, see the Clients page and the Key and Device Management page for GPFS device family.
Server certificates
The IBM Security Guardium Key Lifecycle Manager server certificates that are used to access the graphical user interface, Swagger UI, REST APIs, and key servers. These certificates are also used for establishing secure communication with EKMF Web.
To view the complete list of server certificates, see the System Certificates page.
Trusted certificates
The certificates of system peripherals (for example, LDAP, OIDC, EKMF Web) that are trusted in IBM Security Guardium Key Lifecycle Manager.
To view the complete list of trusted certificates, see the System Certificates page.
Devices certificates
The certificates that are used for secure communication between client devices and IBM Security Guardium Key Lifecycle Manager.
To view the complete list of devices certificates, see the Client Device Certificates page.

Certificate expiration summary

You can view the following expiration summary for the certificates:

  • Certificates Expired: The number of certificates that are expired.
  • Certificates Expiring in next 30 days: The number of certificates that are expiring in the next 30 days.
  • Certificates Expiring in next 90 days: The number of certificates that are expiring in the next 90 days.

Click a certificate type to view the list of certificates of that type that are expired or expiring. For example, click User Certificates to view the user certificates that are expired or expiring. On the list, double-click a certificate to view its details. You can delete or replace the certificate.

Certificate Vision charts

You can view the following charts:
Device Type
This chart plots the certificates according to the device type that they are associated with.
Signature Algorithm
This chart plots the certificates according to the signature algorithm that they use.
Certificate Authorities
This chart plots the certificates that are issued by a certificate authority (CA) or certificates that are self-signed.
Validity Periods
This chart plots certificates according to the validity periods.

On each chart, you can click a data plot to view the list of certificates. On the list view for Server, Trusted, and Devices certificates, you can import, modify, and delete a certificate. On the list view for User certificates, you can delete and replace a certificate.

You can select or clear a legend to show or hide the data plot of a particular category. For example, if you select the User legend, the Device Type chart shows the data plot for user certificates only.