Importing a client device certificate

You can import a client device certificate to set up secure communication between IBM® Security Guardium® Key Lifecycle Manager and the client device.

About this task

You can use the Client Device Certificates page under Advanced Configuration or the Certificate Import REST Service to import a client device certificate.

Procedure

  • Using the graphical interface
    1. Log in to the graphical user interface.
    2. Go to Advanced Configuration > Client Device Certificates.
      The Client Device Certificates page is displayed.
    3. Click Import.
      The Import TLS/KMIP Certificate for Clients dialog is displayed.
    4. In the Import TLS/KMIP Certificate for Clients dialog, specify the following values:
      • Certificate name: Enter the name of the certificate to be imported.
      • Upload certificate: To upload a certificate file, select one of the following options:
        • File: Select File and click Browse. Go to the location of the certificate file. Select the file and click Open.
        • Certificate content: When you select Certificate content, a text box is displayed. Enter the certificate text into the text box. The certificate text must include the BEGIN CERTIFICATE and END CERTIFICATE statements.

          If multiple certificates exist in a single file, for example, a certificate chain, copy the entire certificate text and enter it into the text box.

    5. For the Device Group field, click Select. Select the device group and click Select.
      This information is used to send a notification that the certificate for the selected device group is expiring or has expired. To set up the notification feature, see Configuring a notification channel.
      Note: The device group selection is for informational purposes only. The certificate is not restricted to the selected device group and can be used by other device groups.
    6. Select the Allow the server to trust this certificate and communicate with the associated client device checkbox to trust the certificate.
    7. Click Import.
      A confirmation message is displayed. Click Close.
  • Using the REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and obtain authorization to access the IBM Security Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Go to the Certificate management section.
    4. Run the Certificate Import REST Service.
      For example, to import a client certificate, you can send the following HTTP request:
      POST https://localhost:port/SKLM/rest/v1/certificates/import
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      {"fileName":"/mycertfilenam.base64","alias":"newsklmCert","format":"base64","usage":"3592"}
      Response:
      Status Code: 200 OK
      {"code":"0","status":"Succeeded"}

Results

The imported client certificate is listed in the Client Device Certificates table. It is now ready to use for TLS and KMIP communication.