Importing a CA-signed certificate or a certificate chain of trust
You can import a signed certificate or a certificate chain of trust by using the pending certificates link on the Welcome page of the graphical user interface or the Certificate Direct Import REST Service.
Before you begin
Retrieve the alias of the original certificate signing request for use when you import the returned certificate, which must specify the correct alias.
To look up the
X.500 subject name of a certificate signing request to determine whether it matches
X.500 subject name of the certificate, run the Certificate List REST
Service, by specifying the
state attribute with a value of
- Windows systems:
Open the certificate file directly. A Windows native utility displays the information in the certificate in readable format.
- Other systems:
Import the certificate into IBM® Security Guardium® Key Lifecycle Manager by using a new alias. Then, run the Certificate List REST Service, specifying the alias to view the certificate information.
About this task
- Using graphical user interface
- Log in to the graphical user interface. The Welcome page is displayed.
- In the Action Items section of the Welcome page, in the Key Groups and Certificates area, click Third-party certificates pending import.
- In the Pending Certificates table, select the pending certificate that you want to import.
- Click Import.
- Upload the returned certificate. The returned certificate can be an end-entity
certificate or a certificate chain of trust. Note: If you import a certificate chain of trust, all the certificates in the chain are trusted.
You can upload a certificate by using one of the following options:
- Select this option to upload a certificate file. Click Browse to go to the directory where the certificate file is stored. Select the file and click Open.
- Certificate content
- Select this option to upload the certificate content. When you select this option, a text box is
displayed. Enter the certificate content in the text box.
Ensure that the certificate content includes
- Click Import.
- Using REST interface
- Open a REST client. For more information, see Using Swagger UI.
- Authenticate and authorize to access the IBM Security Guardium Key Lifecycle Manager REST services. For more information, see Authentication process for REST services.
- Run the Certificate Direct Import REST Service. In the request body of the REST, you can select the certificate file or enter the certificate text. Specify the alias of the certificate. For the
usageparameter, specify the value as
What to do next
After the certificate or certificate chain of trust is imported, it is listed in the server certificates table. To view the table, go to Server Certificates tab to manage the imported certificate or certificate chain of trust. For more information, see Managing server certificates. . Use the options on the