SSL communications with Hitachi Content Platform for Cloud Scale
require the installation of the following certificates
in the IBM® Global Security Kit (GSKit) .kdb file that is used by the Content Manager OnDemand server.
Procedure
To install the certificates:
-
Download the certificates from https://www.digicert.com/kb/digicert-root-certificates.htm:
- DigiCert Global Root CA
- DigiCert TLS RSA SHA256 2020 CA1
-
Add the certificates individually.
The following example adds the "DigiCert Global Root CA" certificate to the key database
named ondemand.kdb:
gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd"
-label "DigiCert Global Root CA" -file "DigiCertGlobalRootCA.crt"
-format binary -fips
-
Verify that the new certificate was stored in the key database by using
GSKCapiCmd.
The following example lists the certificates stored in ondemand.kdb:
gsk8capicmd_64 -cert -list all -db "ondemand.kdb" -pw "myKeyDBpasswd"
GSKCapiCmd displays the results which should now include the
newly installed certificate:
Certificates found
* default, - personal, ! trusted, # secret key
.
.
.
! "DigiCert Global Root CA"
.
.
.
Repeat steps 2 and 3 as needed to add additional certificates to the key
database.