Setting up mTLS authentication

Mutual authentication (mTLS) requires the exchange of public certificates between Unified Key Orchestrator (UKO) and IBM Guardium Key Lifecycle Manager.

Procedure

  1. Import the UKO certificate. When you import the certificate, select the UKO option in the Trust this certificate for field.
  2. Create an IBM Guardium Key Lifecycle Manager server certificate that you want to be trusted in UKO.
    For instructions, see Creating a server certificate. You can also use an existing server certificate.
  3. Download the IBM Guardium Key Lifecycle Manager server certificate.
    For instructions, see Downloading a server certificate.
  4. Import the downloaded server certificate in UKO to trust IBM Guardium Key Lifecycle Manager requests.
  5. Import the downloaded server certificate in ICSF and associate the certificate with a user. The credentials of the associated user are used when a client connects with this certificate. For more information, see the Support for mTLS section in the UKO documentation.
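
A pre-import check for steps 3 to 5, added here as an example and not part of the product documentation: before the downloaded server certificate is imported into UKO and ICSF, confirm that the file matches a SHA-256 fingerprint obtained separately from the administrator who created it and that it is not close to expiry. It assumes a PEM-encoded download and the OpenSSL command line; the function names, file names and the throwaway sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not product code). Assumes PEM-encoded certificates and the openssl CLI.

# Print the SHA-256 fingerprint of a PEM certificate as uppercase hex without colons.
# Prints nothing if the file cannot be parsed as a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# check_cert_for_import FILE EXPECTED_FP [MIN_DAYS]
# Returns 0 only if FILE parses, its fingerprint equals EXPECTED_FP, and it
# does not expire within MIN_DAYS (default 30).
# Return codes: 2 unreadable, 3 fingerprint mismatch, 4 expires too soon.
check_cert_for_import() {
    file=$1
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    min_days=${3:-30}

    actual=$(cert_fingerprint "$file")
    if [ -z "$actual" ]; then
        echo "FAIL: $file is not a readable PEM certificate" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: fingerprint mismatch (got $actual)" >&2
        return 3
    fi
    if ! openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 4
    fi
    # Show what is about to be trusted so the operator can review it.
    openssl x509 -in "$file" -noout -subject -issuer -enddate
    echo "OK: $file matches the expected fingerprint"
}

# Constructed sample input: a throwaway self-signed certificate written to DIR/sample.pem.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=gklm-sample.example.test" \
        -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}
```

Run `check_cert_for_import` against the downloaded file on the machine from which the import is performed, and import the certificate only when the function returns 0.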

What to do next

Set up the master key in UKO. For instructions, see Setting up the master key in Unified Key Orchestrator.