IBM Support

How to set a third-party certificate for UI access for Guardium Key Lifecycle Manager browser administration.

How To


Summary

IBM Security Guardium Key Lifecycle Manager when installed provides options to use a self-signed certificate or to import a third-party signed certificate. This certificate is used for the administration browser page, device SSL communication, and GKLM server to server communication.

When you access the administration page, it shows a "certificate error", typically over port 9443. For example, https:\\YourServerorIP:9443\ibm\SKLM\login.jsp when a self-signed certificate is used. The issue is caused by the browser not recognizing the trusted root for the self-signed certificate in the trusted CA root store.

When required to use a CA signed certificate that is trusted by the browser, you can change the certificate in the GKLM configuration. There are multiple ways of altering this configuration. This document is to highlight the graphical feature introduced in the GKLM administration pages.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTJE47","label":"IBM Security Guardium Key Lifecycle Manager"},"ARM Category":[{"code":"a8m0z000000cvduAAA","label":"SKLM-\u003ECONFIGURATION-\u003ESSL"},{"code":"a8m0z000000cvdSAAQ","label":"SKLM-\u003EWEBSPHERE"}],"ARM Case Number":"TS010768381","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
19 May 2023

UID

ibm16826691

Page Feedback