Importing a system peripheral certificate

Import the server certificate of the system peripheral that you want to configure with IBM® Security Guardium® Key Lifecycle Manager.

About this task

To set up secure communication between IBM Security Guardium Key Lifecycle Manager and system peripherals (for example, LDAP), import and trust the system peripheral certificates.

Use the Import Certificate dialog or the Import System Peripheral Certificate REST Service to import the certificate of the system peripheral that you want to configure with IBM Security Guardium Key Lifecycle Manager.
Note: If you import a certificate chain, all the certificates in the chain are trusted.
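
A pre-import check for the note above, as an added example that is not part of the IBM documentation: because every certificate in an imported chain becomes trusted, it lists each certificate block in a PEM bundle with its SHA-256 fingerprint so that you can compare each one against a value obtained out of band. The names `inspect_bundle`, `make_pem` and `SAMPLE_CHAIN` are assumptions, and the sample bundle holds constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Matches one PEM block, including its Begin/End Certificate statements.
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.DOTALL)

def inspect_bundle(pem_text):
    """Return one record per certificate block in pem_text.

    Raises ValueError when the Begin/End statements are missing or
    unbalanced, or when a block is not base64-encoded DER.
    """
    begins, ends = pem_text.count(BEGIN), pem_text.count(END)
    if begins == 0 or begins != ends:
        raise ValueError(f"unbalanced markers: {begins} BEGIN, {ends} END")
    records = []
    for index, match in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        body = "".join(match.group(1).split())  # drop line breaks
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:
            raise ValueError(f"block {index}: invalid base64") from exc
        # A DER-encoded certificate always starts with a SEQUENCE tag (0x30).
        if not der.startswith(b"\x30"):
            raise ValueError(f"block {index}: not a DER SEQUENCE")
        records.append({"index": index, "der_bytes": len(der),
                        "sha256": hashlib.sha256(der).hexdigest()})
    if len(records) != begins:
        raise ValueError("Begin/End statements are out of order")
    return records

def make_pem(payload):
    """Wrap raw bytes in PEM armor (used only to build the sample)."""
    return f"{BEGIN}\n{base64.b64encode(payload).decode()}\n{END}\n"

# Constructed sample: two placeholder DER SEQUENCEs, not real certificates.
SAMPLE_CHAIN = make_pem(b"\x30\x03\x02\x01\x01") + make_pem(b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    for rec in inspect_bundle(SAMPLE_CHAIN):
        print(rec["index"], rec["der_bytes"], rec["sha256"])
```

A bundle that reports more blocks than you expected means the import would trust additional certificates, so review each fingerprint before you continue.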

Procedure

  • Using graphical user interface
    1. Log in to the graphical user interface.
    2. Click Advanced Configuration > System Certificates.
    3. Go to the Trusted Certificates tab.
    4. In the Trusted Certificates table, click Import.
    5. In the Import Certificate dialog box, complete the following fields:
      Field: Description
      Certificate name: Specify the certificate name.
      Upload certificate: You can select one of the following options to upload a certificate:
      • File: Select File and click Browse. Go to the location of the certificate file. Select the file and click Open.
      • Certificate content: When you select Certificate content, a text box is displayed. Enter the certificate content directly in the text box. The text must include the Begin Certificate and End Certificate statements.

        If multiple certificates exist in a single file (for example, in case of a certificate chain), enter the entire content of the certificate in the text box.

      Trust this certificate for: Select the system peripheral for which you want to trust this certificate.
      • LDAP: Use this certificate for secure communication between the LDAP server and IBM Security Guardium Key Lifecycle Manager.
      • Email Server: Use this certificate for secure communication between the notification email server and IBM Security Guardium Key Lifecycle Manager.
      • OIDC: Use this certificate for secure communication between the OIDC server and IBM Security Guardium Key Lifecycle Manager.
      • Syslog: Use this certificate for secure communication between the syslog server and IBM Security Guardium Key Lifecycle Manager.
      • EKMF Web: Use this certificate for secure communication between EKMF Web and IBM Security Guardium Key Lifecycle Manager.
      • Database: Use this certificate for secure communication between the Db2® for z/OS® database and the containerized IBM Security Guardium Key Lifecycle Manager application.
      • Multi-Master host certificate: Use this certificate for secure communication between a Multi-Master host and IBM Security Guardium Key Lifecycle Manager.
    6. Click Import.
  • Using REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access IBM Security Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Go to the System communication certificates management section.
    4. Run the Import System Peripheral Certificate REST Service.
      For example, to import a server certificate, you can send the following HTTP request:
      POST https://localhost:port/SKLM/rest/v1/system/certificates/truststore/import