IBM Support

Installing GUI certificates

Question & Answer


Question

How should I install CA (Certification Authority) certificates?

Answer

Background:


A certificate authority, or certification authority, (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.

Steps:

Here are the steps required from a Guardium perspective to set up certificates on the appliance:

1. From CLI > store trusted certificate

This stores a CA or intermediate trusted path certificate on the Guardium appliance. You will need to install the trusted certificate(s) provided by the CA. If the CA is not self-signed, then you must establish and install the verification chain.

For example, if it is not self-signed but consists of multiple signers, say A, B, C and D, you must install all trusted certificates (A, B, C, D).

Note: Please ensure the certificate is in PEM (Privacy Enhanced Mail) format, not binary. If it is binary, you will need to convert it to PEM format (or it can be requested from your CA).

2. From CLI > csr

CSR stands for Certificate Signing Request, which is generated by running this CLI command. The request is then sent to the CA, which generates a public key certificate that will be installed in the next step.

    Note:
      For the Common Name, please use the default, which is the FQDN (Fully Qualified Domain name).
      Fill in the rest of the required information. The country code must be 2 letters.
      In v8.0.1, a key size of 1024 bits is used.
      In v8.2, there is a choice of 1024 or 2048 bits.

3. From CLI > store certificate console

This stores a server certificate on the Guardium appliance. This certificate is what was sent from the CA in Step 2 and should also be in PEM format.
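Steps 1 and 3 both require PEM input, and step 1 requires every signer in the chain to be stored. The following is an added example, not part of the IBM document or of Guardium: a Python helper for a workstation that takes the bytes of either a binary (DER) file or a PEM bundle, checks the DER framing, and returns one PEM block per certificate. The function names and the sample bytes are constructed for illustration.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholders with valid outer DER framing; NOT real certificates.
SAMPLE_ROOT_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_INTERMEDIATE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])


def check_der(der):
    """Check the outer ASN.1 SEQUENCE tag and that its length spans the data.

    This is a framing check only, not a full X.509 parse.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("missing outer SEQUENCE tag (0x30): not DER")
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long form: next n bytes hold length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length field")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("DER length mismatch: truncated or trailing data")
    return der


def to_pem_certs(raw):
    """Return a list with one PEM string per certificate in a file's bytes."""
    blocks = PEM_BLOCK.findall(raw.decode("latin-1"))
    if blocks:      # already PEM, possibly a bundle holding several signers
        ders = [ssl.PEM_cert_to_DER_cert(b) for b in blocks]
    else:           # binary (DER) file holding a single certificate
        ders = [raw]
    return [ssl.DER_cert_to_PEM_cert(check_der(d)) for d in ders]


if __name__ == "__main__":
    bundle = "".join(ssl.DER_cert_to_PEM_cert(d) for d in
                     (SAMPLE_ROOT_DER, SAMPLE_INTERMEDIATE_DER)).encode()
    for i, pem in enumerate(to_pem_certs(bundle), 1):
        print(f"--- certificate {i} of the chain ---\n{pem}")
```

A file that fails `check_der` is truncated, has trailing data, or is not a certificate encoding at all, and should be requested again from the CA.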

Product: IBM Security Guardium. Platform: Linux. Versions: 9.1, 9.0, 8.2, 8.0, 7.0. Edition: All Editions.

Document Information

Modified date:
16 June 2018

UID

swg21516057