Importing a system peripheral certificate

Import the server certificate of the system peripheral that you want to configure with IBM Guardium Key Lifecycle Manager.

About this task

To set up secure communication between IBM Guardium Key Lifecycle Manager and system peripherals (for example, LDAP), import and trust the system peripheral certificates.

Use the Import Certificate dialog or the Import System Peripheral Certificate REST Service to import the certificate of the system peripheral that you want to configure with IBM Guardium Key Lifecycle Manager.
Note: If you import a certificate chain, all the certificates in the chain are trusted.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon at the upper left of the page.
    3. Click Configuration > System certificates.
    4. On the System certificates page, click Trusted certificates > Import certificates.
    5. In the Import certificate dialog box, complete the following fields.
      Certificate name
        Specify the certificate name.
      Upload certificate
        Select one of the following options to upload a certificate:
        • File - From your local system, drag the file or click the link to select the file to upload.
        • Certificate content - When you select Certificate content, a text box is displayed. Enter the certificate content directly in the text box. The text must include the Begin Certificate and End Certificate statements.

          If multiple certificates exist in a single file (for example, in a certificate chain), enter the entire content of the certificate in the text box.

      Trust this certificate for
        Select the system peripheral for which you want to trust this certificate.
        LDAP
          Use this certificate for secure communication between the LDAP server and IBM Guardium Key Lifecycle Manager.
        Email server
          Use this certificate for secure communication between the notification email server and IBM Guardium Key Lifecycle Manager.
        OIDC
          Use this certificate for secure communication between the OIDC server and IBM Guardium Key Lifecycle Manager.
        Syslog
          Use this certificate for secure communication between the syslog server and IBM Guardium Key Lifecycle Manager.
        UKO
          Use this certificate for secure communication between Unified Key Orchestrator (UKO) and IBM Guardium Key Lifecycle Manager.
        Database
          Use this certificate for secure communication between the Db2 for z/OS® database and the containerized IBM Guardium Key Lifecycle Manager application.
        Multi-Master host certificate
          Use this certificate for secure communication between a Multi-Master host and IBM Guardium Key Lifecycle Manager.
    6. Click Import certificate.
  • Using a REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access IBM Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Go to the System communication certificates management section.
    4. Run the Import System Peripheral Certificate REST Service.
      For example, to import a server certificate, you can send the following HTTP request:
      POST https://localhost:port/GKLM/rest/v1/system/certificates/truststore/import
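
Because every certificate in an imported chain becomes trusted, it is worth checking certificate content before you import it. The following Python example is added here and is not IBM code: it confirms that the Begin Certificate and End Certificate statements are balanced and returns one SHA-256 fingerprint per certificate, to compare with values obtained from the peripheral's administrator. The function names are hypothetical, and the sample chain is built from constructed placeholder bytes, not real certificates.

```python
import base64
import binascii
import hashlib
import re

# Matches one PEM certificate block, including its BEGIN/END statements.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def split_chain(pem_text):
    """Return the decoded bytes of every certificate block, in file order."""
    begins = pem_text.count("-----BEGIN CERTIFICATE-----")
    ends = pem_text.count("-----END CERTIFICATE-----")
    # Reject content the import dialog would not accept as complete.
    if begins == 0 or begins != ends:
        raise ValueError(f"unbalanced PEM markers: {begins} BEGIN, {ends} END")
    ders = []
    for body in PEM_BLOCK.findall(pem_text):
        try:
            ders.append(base64.b64decode("".join(body.split()), validate=True))
        except binascii.Error as exc:
            raise ValueError(f"certificate {len(ders) + 1}: bad base64") from exc
    if len(ders) != begins:
        raise ValueError("misordered or malformed PEM blocks")
    return ders


def fingerprints(pem_text):
    """SHA-256 fingerprint (hex) of each certificate that would be trusted."""
    return [hashlib.sha256(der).hexdigest() for der in split_chain(pem_text)]


def _pem(der):
    # Wraps bytes in PEM armor; used only to build the constructed sample.
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


# Constructed sample: placeholder bytes stand in for real DER certificates.
SAMPLE_CHAIN = _pem(b"constructed-server-cert") + _pem(b"constructed-issuing-ca")

if __name__ == "__main__":
    for i, fp in enumerate(fingerprints(SAMPLE_CHAIN), 1):
        print(f"certificate {i}: sha256 {fp}")
```

A count higher than expected means the file carries additional certificates that would also be trusted on import.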