Creating a self-signed TLS/KMIP server certificate

As a first activity, you might create a TLS/KMIP server certificate for use with IBM® Security Guardium® Key Lifecycle Manager.

Procedure

  1. Log on to the graphical user interface.
  2. Click the Review the configuration parameters and/or create a TLS server certificate link.

    Immediately after you install IBM Security Guardium Key Lifecycle Manager, the Review the configuration parameters and/or create a TLS server certificate link is the only available option to configure IBM Security Guardium Key Lifecycle Manager for TLS handshake with the client devices. This link is not visible if you previously created a TLS server certificate.

  3. Alternatively, on the Welcome page, click Configuration > TLS/KMIP > Launch Server Configuration Wizard.
  4. Click Create TLS/KMIP Server Certificate.
  5. On the Add TLS/KMIP Certificate dialog, select Create self-signed certificate.
  6. Specify values for the parameters according to your requirements.
  7. Click Create Certificate.

What to do next

You might need to export the IBM Security Guardium Key Lifecycle Manager TLS/KMIP server certificate that you created to a file in an encoded format for use by the client device. Click the Export Certificate link or click the Export TLS/KMIP Server Certificate tab. You can also export an existing TLS/KMIP server certificate by selecting Use an existing certificate. See Exporting a server certificate.