Modifying an image certificate

You can use the graphical user interface to view read-only information about an image certificate in the IBM® Security Guardium® Key Lifecycle Manager database. Using the REST interface, you can change a limited number of attributes.

About this task

You can use the Modify Certificate dialog to modify a certificate. Alternatively, you can use the following REST services:
  • The Certificate Update REST Service to modify the state of certificates, such as trusted or compromised, and to modify certificate information.
  • The Device Type Attribute Update REST Service to set the certificate as the primary or secondary certificate.
Your role must have the permissions to the modify action and to the appropriate device group.
Note: IBM Security Guardium Key Lifecycle Manager database changes that you make are configured on the DS8000® Turbo drive when the drive contacts IBM Security Guardium Key Lifecycle Manager.

Procedure

  1. Go to the appropriate page or directory.
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select DS8000.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click DS8000 and select Manage keys and devices.
      5. On the management page for DS8000, select a certificate in the Certificates column.
      6. Click Modify.
      7. Alternatively, right-click a certificate and then select Modify, or double-click a certificate entry.
  2. View the certificate information using the graphical user interface or modify the certificate information using the REST interface.
    • Graphical user interface:

      On the Modify Certificate dialog, view the read-only fields.

    • REST interface:
      Use the Certificate List REST Service to find a certificate. For example, you can send the following HTTP request:
      GET https://localhost:port/SKLM/rest/v1/certificates?attributes=
state active 
Content-Type: application/json 
Accept: application/json 
Authorization: SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20 
Accept-Language: en
      Use the Certificate Update REST Service to update a certificate. For example, you can send the following HTTP request:
      PUT https://localhost:port/SKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth authId=139aeh34567m
{"uuid":"CERTIFICATE-33fc26e-5fb5a0e66143","usage":
"DS8000","attributes":"information {newinformation}" }

What to do next

Next, you can use the DS8000 Key and Device Management page to associate image certificates with specific storage images.