Modifying a server certificate

You can modify only the usage type of a server certificate. You can select another usage type, but cannot clear the existing usage type that you selected when you created or imported the server certificate.

About this task

You can use a server certificate for key serving, UI access, or Unified Key Orchestrator (UKO) communication. You can select only one server certificate for key serving at a time. Similarly, you can select only one server certificate for UI access at a time.

If you want to change the current certificate for key serving or UI access, select another certificate for key serving or UI access. The usage type of the current certificate for key serving or UI access becomes Not in use or Unknown.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon (Menu icon) at the upper left of the page.
    3. Click Configuration > System certificates.
    4. On the System certificates page, click Server certificates.
    5. Select the certificate that you want to modify from the list and click the overflow menu icon (Options).
    6. From the overflow menu options, click Modify.
    7. On the Modify certificate window, modify the certificate usage type.
    8. Click Modify certificate.
  • Using a REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access IBM Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Go to the System communication certificates management section.
    4. Run the Update System Certificate REST Service.
      For example, you can send the following HTTP request:
      PUT https://localhost:port/GKLM/rest/v1/system/certificates
{
  "alias": "server_cert",
  "addUsageSubtype": "UKO_TLS, SERVERGUI_TLS",
  "removeUsageSubtype": "KEYSERVING_TLS"
}