Create a certificate database

To create a certificate database with the local management interface, use the SSL Certificates management page.

Steps

  1. Select System > Secure Settings > SSL Certificates.

  2. From the menu bar, click New.

  3. On the Create SSL Certificate Database page, enter the name of the certificate database to create. The name of the certificate database must be unique.

  4. Select the type of the certificate database.

    • If we select Local as the type, we can go to Step 5.

    • If we select Network as the type, complete the following fields:

      1. On the Main tab, fill in the Token Label and Passcode fields.

      2. Select the HSM type.

        • If we select nCipher nShield Connect as the HSM type, complete the following fields:

          1. On the HSM tab, the HSM IP Address field for the primary HSM device is required. The rest of the fields are optional. We can also provide details of a secondary HSM device. The secondary device can be used for load balancing and failover.

          2. On the RFS tab, if we select Automatic, enter the address of the remote file system that stores the key files. The rest of the fields are optional. If we select Manual Upload, click Browse to select the zip file containing the required key files. The contents of the zip file will be extracted and stored on the local file system.

            • The nCipher nShield Connect integration is only available if we first install the 'IBM Security Verify Access nCipher nShield Connect HSM Extension'. This extension is available for download from the IBM Security App Exchange (https://exchange.xforce.ibmcloud.com/hub/IdentityandAccess).

            • If the files in the remote file system are changed and we selected the Manual Upload option, we must manually upload an updated zip file. The updated zip file overwrites existing file entries but does not delete missing file entries.

        • If we select SafeNet Luna SA as the HSM type, complete the IP Address and Admin Password fields on the SafeNet tab. The SafeNet integration is only available if we first install the 'IBM Security Verify Access SafeNet Luna Network HSM Extension'. This extension is available for download from the IBM Security App Exchange (https://exchange.xforce.ibmcloud.com/hub/IdentityandAccess). We can then use the appliance to manage the certificates contained on the HSM device. However, some operations, such as certificate extract, are not supported.

  5. Click Save.

  6. Commit changes.
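The Manual Upload note above says an updated zip file overwrites existing file entries but does not delete missing ones, so key files dropped from the remote file system stay on the appliance. The following added example (not IBM code) compares the previously uploaded zip with the updated one and lists the entries that would be left behind. It assumes the previous zip was kept; the file names and contents are constructed placeholders.

```python
import io
import zipfile


def zip_entries(data: bytes) -> dict:
    """Map each file entry in a zip archive to its CRC-32 (directories skipped)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: i.CRC for i in zf.infolist() if not i.is_dir()}


def upload_effect(previous: bytes, updated: bytes) -> dict:
    """Classify entries by what a Manual Upload of `updated` does to them,
    given that `previous` is what was uploaded before."""
    old, new = zip_entries(previous), zip_entries(updated)
    common = old.keys() & new.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "overwritten": sorted(n for n in common if old[n] != new[n]),
        "unchanged": sorted(n for n in common if old[n] == new[n]),
        # Present before, absent now: not deleted by the upload.
        "stale": sorted(old.keys() - new.keys()),
    }


def _make_zip(files: dict) -> bytes:
    """Build an in-memory zip from {name: content} (sample data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives; names are placeholders, not real key file names.
PREVIOUS = _make_zip({"keys/module-config": b"config-v1",
                      "keys/keyfile-a": b"key-a",
                      "keys/keyfile-retired": b"retired-key"})
UPDATED = _make_zip({"keys/module-config": b"config-v2",
                     "keys/keyfile-a": b"key-a",
                     "keys/keyfile-b": b"key-b"})

if __name__ == "__main__":
    for category, names in upload_effect(PREVIOUS, UPDATED).items():
        print(f"{category}: {names}")
```

Any name reported under `stale` is a key file that still exists on the local file system after the upload.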
