Downloading a server certificate

You can download a TLS or KMIP server certificate or a certificate signing request (CSR) file from the IBM Guardium Key Lifecycle Manager server to your local file system.

Before you begin

  • Ensure that your user ID has the role klmFileTransfer or klmSecurityOfficer to transfer files from and to the server.
  • Only for Internet Explorer browser - Ensure that the value of the File download property is set to Enable.

    To access this property, go to Internet options > Security > Local intranet zone or Trusted sites > Downloads.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon (Menu icon) at the upper left of the page.
    3. Click Configuration > System certificates.
    4. On the System certificates page, click Server certificates.
    5. Select the certificate that you want to download from the list and click the overflow menu icon (Options).
    6. From the overflow menu options, click Download.
    7. In the Download certificate dialog, select the certificate type.
    8. Click Download.
  • Using a REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access IBM Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Go to the System communication certificates management section.
    4. Run the Export System Certificate REST Service.
      For example, to export a certificate, you can send the following HTTP request:
      GET https://localhost:port/GKLM/rest/v1/system/certificates/export/server_cert2?format=DER'

Results

The file is downloaded in the folder that is configured as the default download folder of your browser.