Google Cloud Storage certificate requirements
SSL communications with Google Cloud Storage require the installation of the "Global Sign Root CA-R1" certificate, the "GTS Root R1" certificate, and the "GTS CA IC3" certificate in the IBM® Global Security Kit (GSKit) .kdb file that is being used by the Content Manager OnDemand server.
Procedure
To install the certificates:
- Download the certificates from:
Global Sign Root CA-R1
https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates
GTS Root R1 and GTS CA IC3
https://pki.goog/repository
- Add the "Global Sign Root CA-R1" certificate to the key database.
The following example adds the "Global Sign Root CA-R1" certificate to the key database named ondemand.kdb:
gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd" -label "Global Sign Root CA-R1" -file "gsr_root.crt" -format binary -fips
- Add the "GTS Root R1" certificate to the key database.
The following example adds the "GTS Root R1" certificate to the key database named ondemand.kdb:
gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd" -label "GTS Root R1" -file "gts_root_r1.der" -format binary -fips
- Add the "GTS CA IC3" certificate to the key database.
The following example adds the "GTS CA IC3" certificate to the key database named ondemand.kdb:
gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd" -label "GTS CA IC3" -file "gts_ca_ic3.der" -format binary -fips
- Verify that the three new certificates were stored in the key database by using GSKCapiCmd.
The following example lists the certificates stored in ondemand.kdb:
gsk8capicmd_64 -cert -list all -db "ondemand.kdb" -pw "myKeyDBpasswd"
GSKCapiCmd displays the following result:
Certificates found
* default, - personal, ! trusted, # secret key
! "Entrust.net Secure Server Certification Authority"
! "Entrust.net Certification Authority (2048)"
! "Entrust.net Client Certification Authority"
! "Entrust.net Global Client Certification Authority"
! "Entrust.net Global Secure Server Certification Authority"
! "VeriSign Class 1 Public Primary Certification Authority"
! "VeriSign Class 2 Public Primary Certification Authority"
! "VeriSign Class 3 Public Primary Certification Authority"
! "VeriSign Class 1 Public Primary Certification Authority - G2"
! "VeriSign Class 2 Public Primary Certification Authority - G2"
! "VeriSign Class 3 Public Primary Certification Authority - G2"
! "VeriSign Class 4 Public Primary Certification Authority - G2"
! "VeriSign Class 1 Public Primary Certification Authority - G3"
! "VeriSign Class 2 Public Primary Certification Authority - G3"
! "VeriSign Class 3 Public Primary Certification Authority - G3"
! "VeriSign Class 3 Public Primary Certification Authority - G5"
! "VeriSign Class 4 Public Primary Certification Authority - G3"
! "Thawte Primary Root CA"
! "Thawte Primary Root CA - G2 ECC"
! "Thawte Server CA"
! "Thawte Premium Server CA"
! "Thawte Personal Basic CA"
! "Thawte Personal Freemail CA"
! "Thawte Personal Premium CA"
! "GlobalSign Root R1"
! "GTS Root R1"
! "GTS 1C3"
*- "IBM Content Manager OnDemand"
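The verification step can be scripted instead of read by eye. The following is an added example, not part of the IBM documentation: it reads a "-cert -list" listing on standard input and reports every expected label that is missing or does not carry the "!" (trusted) flag. The helper name check_trusted_labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that expected labels appear as trusted ("!") in the
# output of: gsk8capicmd_64 -cert -list all -db "ondemand.kdb" -pw ...

# Constructed sample listing (not captured from a real key database). The
# "-" flag on "GTS CA IC3" is deliberate, to exercise the failure path.
sample_listing() {
cat <<'EOF'
Certificates found
* default, - personal, ! trusted, # secret key
! "Thawte Primary Root CA"
! "Global Sign Root CA-R1"
! "GTS Root R1"
- "GTS CA IC3"
*- "IBM Content Manager OnDemand"
EOF
}

# check_trusted_labels LABEL...   (hypothetical helper name)
# Reads a listing on stdin. Prints one line per LABEL that is absent or whose
# flag column lacks "!". Returns 0 only if every LABEL is present and trusted.
check_trusted_labels() {
    listing=$(cat)
    failed=0
    for label in "$@"; do
        # Compare the whole quoted label, so "GTS Root" never matches
        # "GTS Root R1"; emit the flag column of the matching line.
        flags=$(printf '%s\n' "$listing" | awk -v want="$label" '{
            q1 = index($0, "\"")              # opening quote of the label
            if (q1 == 0) next                 # header/legend lines: no label
            rest = substr($0, q1 + 1)
            q2 = index(rest, "\"")            # closing quote
            if (q2 > 0 && substr(rest, 1, q2 - 1) == want) {
                print "F:" substr($0, 1, q1 - 1)
                exit
            }
        }')
        case "$flags" in
            "")     echo "MISSING: $label";     failed=1 ;;
            F:*!*)  ;;                          # present and trusted
            *)      echo "NOT TRUSTED: $label"; failed=1 ;;
        esac
    done
    return "$failed"
}

# Demo on the constructed sample; prints "NOT TRUSTED: GTS CA IC3".
sample_listing | check_trusted_labels "Global Sign Root CA-R1" "GTS Root R1" "GTS CA IC3" || true
```

Pass the labels exactly as they appear in the listing for your key database, because the comparison is on the full quoted string.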