Creating a generic KMIP client

You can create a generic KMIP client in IBM Guardium Key Lifecycle Manager and add managed objects to it for key management operations. The generic client usage type serves devices that communicate over the Key Management Interoperability Protocol (KMIP). The IBM Guardium Key Lifecycle Manager server supports KMIP communication with generic KMIP clients to manage keys.

About this task

The following methods are supported for the communication between a generic KMIP client and the IBM Guardium Key Lifecycle Manager server.

Procedure

  • Complete the following steps to create a generic KMIP client by using the IBM Guardium Key Lifecycle Manager graphical user interface:
    1. Log in to the IBM Guardium Key Lifecycle Manager graphical user interface.
    2. On the home page, click the menu icon at the upper left of the page.
    3. Click Endpoint management > Catalog.
    4. Alternatively, on the IBM Guardium Key Lifecycle Manager home page, click the catalog icon in the Configured endpoints widget.
    5. On the Catalog page, from the Product type list, select Generic KMIP Client.
    6. On the GENERIC KMIP CLIENT tile, click Add.
    7. On the Add endpoint or client name window, specify a client name.
    8. Select the usage type as Generic.
    9. Click Add.
    10. To see the generic KMIP client that you created, from the main menu, click Endpoint management > Configured endpoints. Alternatively, on the home page, you can see the generic KMIP client name in the Configured endpoints widget.
  • Complete the following steps to create a generic KMIP client by using a REST interface:
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access the IBM Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
    3. Run the Create Generic KMIP Client REST Service by sending an HTTP POST request. Pass the user authentication identifier that you obtained in Step 2 along with the request message, as shown in the following example.
      POST https://localhost:port/GKLM/rest/v1/clients
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m

      {"clientName":"client_rest1","clientType":"Generic"}
    4. Verify that the generic KMIP client exists by sending the following HTTP GET request.
      GET https://localhost:port/GKLM/rest/v1/clients
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language: en
    For more information, see Create Generic KMIP Client REST Service.
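
Steps 3 and 4 can be scripted so that the create call and the verification run together over a verified TLS connection. The following Python script is an added example, not part of the IBM documentation; the environment variable names (GKLM_URL, GKLM_AUTH_ID, GKLM_CA_FILE) are hypothetical, and it assumes that the client listing reports each client under a "clientName" field.

```python
import json
import os
import ssl
import urllib.request

API_PATH = "/GKLM/rest/v1/clients"  # endpoint used by both requests above

def auth_headers(auth_id):
    # Same headers as the documented requests; no space before the colon.
    return {"Content-Type": "application/json", "Accept": "application/json",
            "Authorization": f"SKLMAuth authId={auth_id}"}

def build_create_request(base_url, auth_id, client_name):
    body = json.dumps({"clientName": client_name, "clientType": "Generic"})
    return urllib.request.Request(base_url + API_PATH, data=body.encode(),
                                  headers=auth_headers(auth_id), method="POST")

def build_list_request(base_url, auth_id):
    headers = {**auth_headers(auth_id), "Accept-Language": "en"}
    return urllib.request.Request(base_url + API_PATH, headers=headers, method="GET")

def client_listed(payload, client_name):
    # Assumption: listed clients carry a "clientName" field. The walk is
    # schema-tolerant because the response layout is not shown on this page.
    if isinstance(payload, dict):
        if payload.get("clientName") == client_name:
            return True
        payload = list(payload.values())
    if isinstance(payload, list):
        return any(client_listed(item, client_name) for item in payload)
    return False

def tls_context(ca_file):
    # Trust the CA that issued the server certificate instead of turning
    # certificate verification off for a self-signed or internal certificate.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def create_and_verify(base_url, auth_id, client_name, ca_file):
    ctx = tls_context(ca_file)
    # urlopen raises HTTPError on a 4xx/5xx status, so a failed create stops here.
    create = build_create_request(base_url, auth_id, client_name)
    with urllib.request.urlopen(create, context=ctx) as resp:
        resp.read()
    with urllib.request.urlopen(build_list_request(base_url, auth_id), context=ctx) as resp:
        return client_listed(json.load(resp), client_name)

if __name__ == "__main__":
    env = os.environ  # hypothetical variable names; authId is kept out of the script
    print(create_and_verify(env["GKLM_URL"], env["GKLM_AUTH_ID"], "client_rest1", env["GKLM_CA_FILE"]))
```

Reading the authentication identifier from the environment keeps it out of the script file and out of shell history.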

What to do next

You might want to add symmetric keys and key pairs, and associate a certificate with the generic KMIP client that you created. For more information, see Administering generic KMIP clients and cryptographic objects.