Specifying port and timeout settings

You can change the default port and timeout settings that IBM® Security Guardium® Key Lifecycle Manager provides.

About this task

You can use the Key Serving Ports page to change port and timeout settings. Alternatively, you can use the following REST services to list and change the appropriate properties in the SKLMConfig.properties file:

Get Single Config Property REST Service and Update Config Property REST Service

Before you begin, determine whether there are port or timeout conflicts at your site that prevent from using the IBM Security Guardium Key Lifecycle Manager default values. Your role must have the permission to the configure action.

Procedure

  1. Go to the appropriate page or directory:
    • Graphical user interface:

      Log on to the graphical user interface. Click IBM Security Guardium Key Lifecycle Manager > Configuration > Key Serving Ports.

    • REST interface:
      • Open a REST client.
  2. Change the value for the port or timeout settings:
    • In the graphical user interface, change one or more of these settings, and then click OK:
      TCP port
      IBM Security Guardium Key Lifecycle Manager uses default port 3801. Values can range from 1024 to 65535. The value that you set also changes the value of the TransportListener.tcp.port property in the SKLMConfig.properties file. You must ensure that the port is not already in use by another application.
      TCP timeout (in minutes)
      IBM Security Guardium Key Lifecycle Manager uses a default timeout value of 10 minutes. Values can range from 1 to 120. The value that you set also changes the value of the TransportListener.tcp.timeout property in the SKLMConfig.properties file.
      TLS port
      IBM Security Guardium Key Lifecycle Manager uses default port 1441. Values can range from 1024 to 65535. The value that you set also changes the value of the TransportListener.ssl.port property in the SKLMConfig.properties file.
      TLS timeout (in minutes)
      IBM Security Guardium Key Lifecycle Manager uses a default timeout value of 10 minutes. Values can range from 1 to 120. This configuration parameter is associated with the value of the TransportListener.ssl.timeout property in the SKLMConfig.properties file.
      KMIP TLS port
      KMIP uses default port 5696.Values can range from 1024 to 65535. This configuration parameter is associated with the value of the KMIPListener.ssl.port property in the SKLMConfig.properties file.
      IBM Security Guardium Key Lifecycle Manager agent port
      Agent uses default port 60015 to communicate with IBM Security Guardium Key Lifecycle Manager server. You can update the default agent port number only when the IBM Security Guardium Key Lifecycle Manager instance is not configured for multi-master setup.
    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To run Get Single Config Property REST Service, send the HTTP GET request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
        Service request
        GET https://localhost:<port>/SKLM/rest/v1/configProperties/
        TransportListener.tcp.port
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth userAuthId=139aeh34567m
        Accept-Language: en
        Success response
        Status Code : 200 OK
        Content-Language: en
        {"TransportListener.tcp.port" : "3801"}
      3. Specify the required change. For example, to specify a different TCP port number, send the following service request:
        PUT https://localhost:<port>/SKLM/rest/v1/configProperties
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language: en
        {"TransportListener.tcp.port": "3802"}

What to do next

To put a change such as a port number into effect, restart the Guardium Key Lifecycle Manager server.