Managing client device communication certificates
IBM® Security Guardium® Key Lifecycle Manager provides a set of operations to manage certificates of client devices that communicate with IBM Security Guardium Key Lifecycle Manager.
To establish secure communication between a client device and the IBM Security Guardium Key Lifecycle Manager server, their certificates must be exchanged and saved in their respective keystores.
You can define a set of certificates for client devices that the IBM Security Guardium Key Lifecycle Manager server can trust to allow secure communication between the device and the server. Certificates are used for TLS and KMIP communication.
For TLS clients, trusted client certificates might be required when TLS authentication is set to Server/Client. For KMIP, trusted client certificates might be required to authenticate the KMIP client. TLS and KMIP share the same certificates, so when you change any certificate, both protocols are affected.
Use the Client Device Certificates page to view all the added or imported certificates. To access this page, log in to the graphical user interface, click the Advanced Configuration tab and select Client Device Certificates. The page displays all the imported certificates in a table.
You can upload a certificate from your local file system or mapped drive to the IBM Security Guardium Key Lifecycle Manager server. You can import a certificate, change its trust setting, and also remove a certificate from the list of trusted certificates.
Client device certificate management
Operation | Graphical user interface | REST service |
---|---|---|
Accepting pending devices | Accepting pending devices | - |
Importing a client device certificate into the IBM Security Guardium Key Lifecycle Manager server | Importing a client device certificate | Certificate Import REST Service |
Modifying a client device certificate | Modifying a client device certificate | Certificate Update REST Service |
Deleting a client device certificate | Deleting a client device certificate | Delete Certificate REST Service |
Managing preinstalled client root certificates | Managing preinstalled client root certificates | - |