Importing a server certificate

You can import a server certificate to the IBM® Security Guardium® Key Lifecycle Manager keystore.

About this task

Use the Import Certificate dialog or the Import System Certificate REST Service to import the server certificate to the IBM Security Guardium Key Lifecycle Manager keystore.

Procedure

  • Using graphical user interface
    1. Log in to the graphical user interface.
    2. Click Advanced Configuration > System Certificates.
    3. Go to the Server Certificates tab.
    4. In the Server Certificates table, select the server certificate that you want to import.
    5. Click Import.
    6. In the Import Server Certificate dialog, complete the following details:
      Fields Description
      Keystore name and location Select the keystore file to which you want to import the certificate.
      Password Specify the password of the keystore.

      This parameter is required if the type of the certificate is private key. If the private key is exported in the PKCS #12 file format, ensure that the file is wrapped with a method that is approved by FIPS before the file leaves the computer.
      Key alias in keystore Specify the current alias in the keystore.
      Key alias in destination Specify the new alias.
      Use this certificate for Select one or more of the following usage types for the certificate:
      • UI access: Select this option to use this certificate to access GUI, Swagger UI, REST APIs, and for REST-based key serving.
      • Key serving: Select this option to use the certificate for key serving over IPP and KMIP.
      • EKMF Web: Select this option to establish secure communication between IBM Security Guardium Key Lifecycle Manager and EKMF Web.
    7. Click Import.
  • Using REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Go to the System communication certificates management section.
    4. Run the Import System Certificate REST Service.
      For example, to import a server certificate, you can send the following HTTP request:
      POST https://localhost:port/SKLM/rest/v1/system/certificates/keystore/import