Creating a client by using the graphical user interface
Use the Clients page to create a client in the IBM® Security Guardium® Key Lifecycle Manager server for key management operations. You can create a client and add managed objects to it. You can also use the page to modify and delete the client, and to add managed objects to it.
About this task
- Using KMIP
- Using IBM Security Guardium Key Lifecycle Manager REST APIs
- An existing client certificate that is not in use by another client.
- A pending client certificate.
- A stored client certificate that can be imported.
Also, you can specify the users who can perform the key management operations. These users must exist in the WebSphere® Application Server Liberty with the klmUser role.
- Log in to the graphical user interface.
- Click the Clients menu. The Clients page is displayed.
- In the Clients tab, click Create. The Create Client page is displayed.
- Specify the client name.
- Select an application usage type from the Client Usage list. The Client Usage list includes the following values.
  - Oracle: Specifies that this client is used for Oracle TDE configuration.
  - MongoDB: Specifies that this client is used for MongoDB configuration.
  - VMware: Specifies that this client is used for VMware configuration.
  - FileNet: Specifies that this client is used for FileNet configuration.
  - NetApp: Specifies that this client is used for NetApp configuration.
  - Db2: Specifies that this client is used for Db2 configuration.
  - Generic: Specifies a client that uses the Key Management Interoperability Protocol to interact with IBM Security Guardium Key Lifecycle Manager.
  Note: The usage type is only a label that records the purpose for which the client was created. IBM Security Guardium Key Lifecycle Manager does not verify whether the client is created for the selected usage type.
- Click Save. The client is created. You can now associate a client certificate, users, and objects to it.
- To add a client certificate to the client, click Add. The Add Client Certificate dialog is displayed.
- Select a client certificate for secure communication with the server and click Save. You can select any of the following options:
  - Associate unused client certificate: Use an existing client certificate from the database, which is not in use by any other client. From the Certificate from keystore list, select the required certificate.
  - Accept pending client certificate: Select a certificate from the list of pending certificates. These certificates are pushed to the server from a client and are yet to be accepted for communication with the server. To accept the client communication certificate and mark it as trusted, in the Certificate name box, enter a name for the certificate, and then from the Certificate list, select a certificate.
  - Import client certificate: Import a client certificate to IBM Security Guardium Key Lifecycle Manager. In the Certificate name box, enter a name for the certificate. To upload the certificate, select one of the following options:
    - File: Select this option to upload the certificate file. Click Browse to select the certificate file to be imported.
    - Certificate content: Select this option to upload the certificate content. Copy the content of the certificate from Begin Certificate to End Certificate and paste it in the text box that is displayed. Click Save, and then Close.
- To add users to the client, click Add. The Add Users dialog is displayed.
- From the Users list, select the user that you want to add to the client and click Add Users. Repeat this step for other users. After you have added all the users, click Save. Click Cancel to close the dialog. The added users have the required permissions to manage the cryptographic objects that are associated with the client.
- To add objects to the client, click Add. The Add Objects dialog is displayed.
- To add objects to the client, select the type of object from the Select object type list. Specify the values for the fields.
- Click Save and Add more objects to add more objects to the client. Click Save and Exit if you do not want to add more objects. Click Exit to close the dialog. The List of available objects table lists all the added objects.
- Click Exit to exit the Create Client page.
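
Before text is pasted into the Certificate content box, or a pending certificate is accepted and marked as trusted, it is useful to confirm that the text holds exactly one certificate block and no private key, and to compute a SHA-256 fingerprint that can be compared with the value the client owner reports. The following Python sketch is an added example, not IBM code: the function names are hypothetical, the sample data is a constructed placeholder rather than a real certificate, and the check covers structure only, not the signature, issuer or validity period.

```python
import base64
import binascii
import hashlib
import re

# One PEM certificate block; the group captures the base64 body.
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder (a DER SEQUENCE of zero bytes), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def der_is_single_sequence(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE, the outer shape of X.509."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long-form length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def prepare_certificate_content(text: str):
    """Return (pem, sha256_fingerprint) for text holding one certificate."""
    if "PRIVATE KEY-----" in text:
        raise ValueError("input contains a private key; paste the certificate only")
    bodies = CERT_BLOCK.findall(text)
    if len(bodies) != 1:
        raise ValueError(f"expected one certificate block, found {len(bodies)}")
    try:
        der = base64.b64decode("".join(bodies[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    if not der_is_single_sequence(der):
        raise ValueError("decoded body is not a single DER SEQUENCE")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    digest = hashlib.sha256(der).hexdigest().upper()
    return pem, ":".join(digest[i:i + 2] for i in range(0, 64, 2))
```

Calling `prepare_certificate_content()` on the contents of an exported certificate file returns the normalized text to paste and the fingerprint to compare; any surrounding text outside the block is discarded.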