Administering storage images and image certificates

To administer storage images and image certificates, you might want to determine their status. You can map their association, or add, modify, or delete specific certificates or storage images.

About this task

Before you begin, examine the columns on the page, which provides buttons to add, modify, or delete a table item. To sort information, click a column header.

Use the DS8000® Key and Device Management page to map image certificates to storage images and to determine status of items in the table. You might add, modify, or delete image certificates or storage images. Your role must have permissions to the view action and to the appropriate device group.

The table is organized in these areas:

In left columns, information about certificates indicates the certificate name, the expiration date, and status of the certificate.
In right columns, information about storage images indicates the storage image name and associated image certificate.

Status icons indicate the status of a certificate.

Table 1. Status icons and their meanings
Icon	Description
	Certificate is in an active state.
	Certificate is in a compromised state.
	Certificate expires soon.
	Certificate is in an expired state.
	Certificate valid from future date, for migrated certificates with a future use time stamp.
	IBM® Security Guardium® Key Lifecycle Manager has third-party certificate requests that are waiting to be signed and imported.

Procedure

Log on to the graphical user interface.
1. In the Key and Device Management section on Welcome page, select DS8000.
2. Click Go to > Manage keys and devices.
3. Alternatively, right-click DS8000 and select Manage keys and devices.
Descriptions of some steps describe alternatives by using the graphical user interface or the REST interface. For any one work session, do not switch between interfaces.

Descriptions of some tasks might mention task-related properties in the SKLMConfig.properties file. Use the graphical user interface or the REST interface to change these properties.
On the DS8000 Key and Device Management page, you can add, modify, or delete a storage image or image certificate.
You can do the following administrative tasks:
- Add
  Click Add. Alternatively, you can select a step-by-step process to create certificates and storage images.
  - Certificate
    On the Create Certificate page, select the certificate type as either the self-signed or a request from a third-party provider, and complete the required information. Then, click Create Certificate. Your role must have the permissions to the create action and to the appropriate device group. To make this certificate the default, your role must have permission to the modify action.
  - Storage image
    On the Add Storage Image page, type the storage image information. Then, click Add Storage Image. Your role must have the permission to the create action and a permission to the appropriate device group.
  - Use step by step process for certificate and storage image creation
    On the Step1: Create Certificates and Step2: Identify Images pages, enter the necessary information.
  A success indicator varies, showing a change in a column for the certificate or storage image.
- Modify
  To change information about a storage image or view information about a certificate, select a certificate or storage image, and then click Modify. Alternatively, right-click the selected certificate or storage image. Then, click Modify, or double-click the certificate or storage image entry.
  - Certificate
    View read-only information in the Modify Certificate page. Your role must have the permissions to the modify action and to the appropriate device group.
  - Storage image
    Specify changes in the Modify Storage Image page. Then, click Modify Storage Image. Your role must have permissions to the modify action and to the appropriate device group.
  A success indicator varies, showing a change in a column for the certificate or storage image. Changes to some information, such as optional fields, might not be provided in the table.
- Delete
  To delete a certificate or storage image, verify that the correct certificate or storage image was selected. Then, click Delete. Alternatively, right-click the selected certificate or storage image. Then, click Delete.
  - Certificate
    Ensure that you have a current backup of the keystore before you delete a certificate. Any storage image that is written by using this certificate becomes non-readable after the certificate is deleted. The certificate to be deleted can be in any state, such as active. Regardless of its state, you cannot delete a certificate that is:
    
    Associated with a storage image.
    
    Marked by a DS8000 Turbo drive as a primary certificate for image or secondary certificate for image.
    Deleting a certificate deletes the material from the database.
    
    To confirm deletion, click OK. Your role must have the permissions to the delete action and to the appropriate device group.
  - Storage image
    Metadata for the storage image that you delete, such as the serial number, is removed from the IBM Security Guardium Key Lifecycle Manager database. To confirm deletion, click OK. Your role must have permissions to the delete action and to the appropriate device group.
  A success indicator is deletion of the certificate or storage image from the administration table.