Downloading a server certificate

You can download a TLS or KMIP server certificate or a certificate signing request (CSR) file from the IBM® Security Guardium® Key Lifecycle Manager server to your local file system by using the graphical user interface or REST interface.

Before you begin

Ensure that your user ID has the required role (klmFileTransfer or klmSecurityOfficer) to transfer files from and to the server.
Only for Internet Explorer browser: Ensure that the value of the File download property is set to Enable.
To access this property, go to Internet options > Security > Local intranet zone or Trusted sites > Downloads.

Procedure

Using graphical user interface
1. Log in to the graphical user interface.
2. Click Advanced Configuration > System Certificates.
  The Server Certificates tab is displayed.
3. In the Server Certificates table, identify the certificate that you want to download.
4. In the row of the identified certificate, click the Download icon.
5. In the Download Certificate dialog, select the certificate type.
6. Click Download.
  The certificate file or certificate signing request file is downloaded to the default download directory of the browser.
Using REST interface
1. Open the Swagger UI. For more information, see Using Swagger UI.
2. Authenticate and authorize to access IBM Security Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
3. Go to the System communication certificates management section.
4. Run the Export System Certificate REST Service.
  For example, to export a certificate, you can send the following HTTP request:
```
GET https://localhost:port/SKLM/rest/v1/system/certificates/export/server_cert2?format=DER'
```

Results

The file is downloaded in the folder that is configured as the default download folder of your browser.