Hitachi Content Platform for Cloud Scale certificate requirements

SSL communications with Hitachi Content Platform for Cloud Scale require the installation of the following certificates in the IBM® Global Security Kit (GSKit) .kdb file that is used by the Content Manager OnDemand server.

Procedure

To install the certificates:

  1. Download the certificates from https://www.digicert.com/kb/digicert-root-certificates.htm:
    • DigiCert Global Root CA
    • DigiCert TLS RSA SHA256 2020 CA1
  2. Add the certificates individually.
    The following example adds the "DigiCert Global Root CA" certificate to the key database named ondemand.kdb:
    gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd" 
      -label "DigiCert Global Root CA" -file "DigiCertGlobalRootCA.crt" 
      -format binary -fips 
  3. Verify that the new certificate was stored in the key database by using GSKCapiCmd.
    The following example lists the certificates stored in ondemand.kdb:
    gsk8capicmd_64 -cert -list all -db "ondemand.kdb" -pw "myKeyDBpasswd"
    GSKCapiCmd displays the results which should now include the newly installed certificate:
    Certificates found
    * default, - personal, ! trusted, # secret key
    .
    .
    .
    !       "DigiCert Global Root CA"
    .
    .
    .

    Repeat steps 2 and 3 as needed to add additional certificates to the key database.