You can add more image certificates or certificate requests for use with IBM Security Key Lifecycle Manager. Before you begin, determine your site policy on the use of certificates.
About this task
You can use the Create Certificate dialog. Alternatively, you can use any of the following commands or REST services to create certificates or certificate requests:
- tklmCertCreate or tklmCertGenRequest
- Create Certificate REST Service or Certificate Generate Request REST Service
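Your role must have permission for the create action and permission for the appropriate device group. To make this certificate the default certificate, your role must have permission for the modify action.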
Procedure
- Go to the appropriate page or directory.
- Graphical user interface:
- Log on to the graphical user interface.
- In the Key and Device Management section on the Welcome page, select DS8000.
- Click .
- Alternatively, right-click DS8000 and select Manage keys and devices.
- On the management page for DS8000, click Add.
- Click Certificate.
- Command-line interface:
- Go to the <WAS_HOME>/bin directory. For example:
- Windows
- cd drive:\Program Files\IBM\WebSphere\AppServer\bin
- Linux
- cd /opt/IBM/WebSphere/AppServer/bin
- Start the wsadmin interface by using an authorized user ID, such as SKLMAdmin. For example:
- Windows
wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
- Linux
./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
- Create a certificate or request a certificate.
- Graphical user interface:
- On the Create Certificate page, select either a self-signed certificate, or a certificate request for a third-party provider.
- Specify values for the required and optional parameters. Then, click Create Certificate.
- Command-line interface:
- Certificate:
Type tklmCertCreate to create a certificate and a public and private key pair, and store the certificate in an existing keystore. For example, type:
print AdminTask.tklmCertCreate('[-type selfsigned -alias sklmCertificate -cn sklm -ou sales -o myCompanyName -usage DS8000 -country US -keyStoreName defaultKeyStore -validity 999]')
- Certificate request:
Type tklmCertGenRequest to create a PKCS #10 certificate request file. For example, type:
print AdminTask.tklmCertGenRequest('[-alias sklmCertificate3 -cn sklm -ou sales -o myCompanyName -locality myLocation -country US -validity 999 -keyStoreName defaultKeyStore -fileName myCertRequest3.crt -usage DS8000]')
- REST interface:
- Certificate
Use Create Certificate REST Service to create a certificate and a public and private key pair, and store the certificate in an existing keystore. For example, you can send the following HTTP request by using a REST client:
POST https://localhost:<port>/SKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language: en

{"type":"selfsigned","alias":"sklmCertificate","cn":"sklm","ou":"sales",
"o":"myCompanyName","usage":"DS8000","country":"US","validity":"999",
"algorithm":"RSA"}
- Certificate request
Use Certificate Generate Request REST Service to create a PKCS #10 certificate request file. For example, you can send the following HTTP request by using a REST client:
POST https://localhost:<port>/SKLM/rest/v1/certificates
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth authId=139aeh34567m

{"type":"certreq","alias":"sklmCertificate3","cn":"sklm","ou":"sales",
"o":"myCompanyName","usage":"DS8000","country":"US","validity":"999",
"fileName":"myCertRequest3.crt","algorithm":"ECDSA"}
What to do next
Your next action depends on whether you created a certificate or a certificate request.
- Certificate:
You can associate a certificate with a specific storage image.
- Certificate request:
Manually send the certificate request to a certificate authority. When the signed certificate returns, import the certificate by using a pending action item on the Welcome panel, or by using the tklmCertImport command or Certificate Import REST Service.
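
Before the request file is sent to the certificate authority, its self-signature and subject can be checked against the values that were requested. The following is an added example, not part of the IBM documentation: it assumes the openssl CLI is installed, the helper names make_sample_csr, csr_subject and csr_matches are hypothetical, and the sample request is constructed locally with the subject values from the examples above.

```shell
# Added example, not IBM code. Assumes the openssl CLI; the page does not say
# whether the request file is PEM or DER, so both encodings are tried.

# Constructed sample input: a request with the subject from the page's example.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/C=US/O=myCompanyName/OU=sales/CN=sklm" 2>/dev/null
}

# Print the subject (RFC 2253 form) of a PKCS #10 request whose self-signature
# verifies; return 1 for anything else.
csr_subject() {
    local file="$1" form
    for form in PEM DER; do
        # Match the message rather than the exit status, because the exit
        # status on a failed check differs between openssl releases.
        if openssl req -in "$file" -inform "$form" -noout -verify 2>&1 |
                grep -q 'verify OK'; then
            openssl req -in "$file" -inform "$form" -noout -subject \
                -nameopt RFC2253 | sed -e 's/^subject= *//'
            return 0
        fi
    done
    return 1
}

# Succeed only if every expected attribute (for example CN=sklm) is present.
csr_matches() {
    local file="$1" subject attr
    shift
    subject=$(csr_subject "$file") || return 1
    for attr in "$@"; do
        case ",$subject," in
            *",$attr,"*) ;;
            *) echo "mismatch: $attr not in $subject" >&2; return 1 ;;
        esac
    done
}

# Demo on the constructed request.
tmp=$(mktemp -d)
make_sample_csr "$tmp/myCertRequest3.crt"
csr_matches "$tmp/myCertRequest3.crt" CN=sklm OU=sales O=myCompanyName C=US &&
    echo "subject matches; request can go to the CA"
rm -rf "$tmp"
```

For a real request, pass the path of the generated file and the attributes you supplied to tklmCertGenRequest or the REST service.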