Registering a client by using the graphical user interface

Use the Clients page to register a client with the IBM® Security Guardium® Key Lifecycle Manager server for key management operations. You can register a client and add managed objects to it. You can also use the page to modify or delete the client.

About this task

IBM Security Guardium Key Lifecycle Manager supports two methods by which a client can communicate with the IBM Security Guardium Key Lifecycle Manager server for key management:
  • Using KMIP
  • Using IBM Security Guardium Key Lifecycle Manager REST APIs
For information about the KMIP method, see Using KMIP to manage and serve keys, certificates, and other cryptographic objects, and for information about the REST API method, see Using REST APIs to manage and serve keys, certificates, and other cryptographic objects. When you accept a pending certificate, its client is automatically registered and displayed on the Clients page.
While registering the client, you can specify one of the following certificates to be used for communication:
  • An existing client certificate that is not in use by another client.
  • A pending client certificate.
  • A stored client certificate that can be imported.
You can also register the client without associating a certificate. You can later associate a certificate by selecting it from the pending certificate list. Click the Pending client registration requests link on the dashboard to select the certificate. If you accept the certificate, it is imported into the database and marked as trusted. The certificate can then be used for secure communication between the client and IBM Security Guardium Key Lifecycle Manager. You can also associate a certificate when you modify client information.

Also, you can specify the users who can perform the key management operations. These users must exist in the WebSphere® Application Server Liberty with the klmUser role.

Procedure

  1. Log in to the graphical user interface by using your credentials.
  2. Click the Clients menu.
    The Client page is displayed.
  3. Click Register.
  4. In the Register Client tab, enter a name for the client.
  5. Select a client certificate for secure communication with the server.
    Client certificate options:
      • None: Register the client without an associated client communication certificate.
      • Use existing client certificate not in use: Use an existing client certificate from the database, which is not in use by any other clients. From the Certificate from keystore list, select the required certificate.
      • Accept pending client certificate: Select a certificate from the list of pending certificates. These certificates are pushed to the server from a client and are yet to be accepted for communication with the server. To accept the client communication certificate and mark it as trusted, in the Certificate name box, enter a name for the certificate, and then from the Certificate list, select a certificate.
      • Import client certificate: Import a client certificate into IBM Security Guardium Key Lifecycle Manager. In the Certificate name box, enter a name for the certificate. Click Browse to select the certificate file to be imported.
  6. From the Users list, select the users to be associated with the client.
    The selected users will have the required permissions to manage the cryptographic objects that are associated with the client.
  7. Click Register Client.

What to do next

Add or associate cryptographic objects with the registered client. For more information, see Adding cryptographic objects by using the graphical user interface.