You can import a client device certificate to set up secure communication between
IBM® Security Guardium® Key Lifecycle Manager and the client device.
About this task
You can use the Client Device Certificates page under
Advanced Configuration or the Certificate Import REST Service to import a client device
certificate.
Procedure
- Using the graphical interface
- Log in to the graphical user interface.
- Go to .
The Client Device Certificates page is displayed.
- Click Import.
The Import TLS/KMIP Certificate for Clients dialog is displayed.
- In the Import TLS/KMIP Certificate for Clients dialog, specify
the following values:
- Certificate name: Enter the name of the certificate to be imported.
- Upload certificate: To upload a certificate file, select one of the
following options:
- File: Select File and click
Browse. Go to the location of the certificate file. Select the file and click
Open.
- Certificate content: When you select Certificate content, a text box is displayed. Enter the
certificate text into the text box. The certificate text must include the BEGIN CERTIFICATE and
END CERTIFICATE statements. If multiple certificates exist in a single file, for example, a
certificate chain, copy the entire certificate text and enter it into the text box.
- For the Device Group field, click
Select. Select the device group and click
Select.
This information is used to send a notification that the certificate for the selected device
group is expiring or has expired. For setting up the notification feature, see
Configuring a notification channel.
Note: The device group selection is for informational purposes only. The certificate is not
restricted to the selected device group and can be used by other device groups.
- Select the Allow the server to trust this certificate and communicate with
the associated client device checkbox to trust the certificate.
- Click Import.
A confirmation message is displayed.
Click Close.
- Using the REST interface
- Open the Swagger UI. For more information, see Using Swagger UI.
- Authenticate and authorize to access IBM Security Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
- Go to the Certificate management section.
- Run the Certificate Import REST Service.
For example, to import a client certificate, you can send the following HTTP request:
POST https://localhost:port/SKLM/rest/v1/certificates/import
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"base64","usage":"3592"}
Response:
Status Code: 200 OK
{"code":"0","status":"Succeeded"}
Results
The imported client certificate is listed in the Client
Device Certificates table. It is now ready to use for TLS and KMIP
communication.
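The following pre-import check is an added example, not IBM code: it confirms that the certificate text carries balanced BEGIN CERTIFICATE and END CERTIFICATE statements for every certificate in a chain, computes SHA-256 fingerprints to compare with values obtained from the device owner out of band, and only then builds the request body shown above. It assumes that you hold a local copy of the certificate text. It checks PEM framing and the outer DER shape only, and it does not send the request.

```python
import base64, binascii, hashlib, json, re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.S)

def is_der_sequence(der):
    """True if der is exactly one DER SEQUENCE (the outer shape of an X.509 cert)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def split_chain(pem_text):
    """Return the DER bytes of every certificate in the pasted text, in order."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks or pem_text.count(BEGIN) != len(blocks) or pem_text.count(END) != len(blocks):
        raise ValueError("missing or unbalanced BEGIN/END CERTIFICATE statements")
    chain = []
    for i, body in enumerate(blocks):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"certificate {i}: body is not valid base64") from exc
        if not is_der_sequence(der):
            raise ValueError(f"certificate {i}: not a single DER SEQUENCE")
        chain.append(der)
    return chain

def fingerprints(pem_text):
    """SHA-256 fingerprint (hex) of each certificate, for out-of-band comparison."""
    return [hashlib.sha256(der).hexdigest() for der in split_chain(pem_text)]

def prepare_import(pem_text, expected, file_name, alias, usage):
    """Build the import request body only if every fingerprint matches."""
    if fingerprints(pem_text) != [fp.lower().replace(":", "") for fp in expected]:
        raise ValueError("fingerprint mismatch: do not import or trust this certificate")
    # Field names and the "base64" format value are taken from the page's sample request.
    return json.dumps({"fileName": file_name, "alias": alias, "format": "base64", "usage": usage})

def constructed_pem(payload):
    """Constructed sample: a short DER SEQUENCE wrapped in PEM, NOT a real certificate."""
    der = b"\x30" + bytes([len(payload)]) + payload
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"

SAMPLE_CHAIN = constructed_pem(b"constructed device cert") + constructed_pem(b"constructed issuing CA")
```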