Microsoft Azure certificate requirements
SSL communications with Microsoft Azure require the installation of the "Baltimore CyberTrust Root" certificate in the IBM® Global Security Kit (GSKit) .kdb file that is being used by the Content Manager OnDemand server.
Procedure
To install the certificate:
-
Download the certificate from:
- https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt
-
Add the "Baltimore CyberTrust Root" certificate to the key database.
The following example adds the "Baltimore CyberTrust Root" certificate to the key database named ondemand.kdb:
gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd" -label "Baltimore Cybertrust Root" -file "BaltimoreCyberTrustRoot.crt" -format binary -fips
-
Verify that the new certificate was stored in the key database by using
GSKCapiCmd.
The following example lists the certificates stored in ondemand.kdb:
gsk8capicmd_64 -cert -list all -db "ondemand.kdb" -pw "myKeyDBpasswd"
GSKCapiCmd displays the following result:Certificates found * default, - personal, ! trusted, # secret key ! "Entrust.net Secure Server Certification Authority" ! "Entrust.net Certification Authority (2048)" ! "Entrust.net Client Certification Authority" ! "Entrust.net Global Client Certification Authority" ! "Entrust.net Global Secure Server Certification Authority" ! "VeriSign Class 1 Public Primary Certification Authority" ! "VeriSign Class 2 Public Primary Certification Authority" ! "VeriSign Class 3 Public Primary Certification Authority" ! "VeriSign Class 1 Public Primary Certification Authority - G2" ! "VeriSign Class 2 Public Primary Certification Authority - G2" ! "VeriSign Class 3 Public Primary Certification Authority - G2" ! "VeriSign Class 4 Public Primary Certification Authority - G2" ! "VeriSign Class 1 Public Primary Certification Authority - G3" ! "VeriSign Class 2 Public Primary Certification Authority - G3" ! "VeriSign Class 3 Public Primary Certification Authority - G3" ! "VeriSign Class 3 Public Primary Certification Authority - G5" ! "VeriSign Class 4 Public Primary Certification Authority - G3" ! "Thawte Primary Root CA" ! "Thawte Primary Root CA - G2 ECC" ! "Thawte Server CA" ! "Thawte Premium Server CA" ! "Thawte Personal Basic CA" ! "Thawte Personal Freemail CA" ! "Thawte Personal Premium CA" ! "Baltimore Cybertrust Root" (Added this certificate) *- "IBM Content Manager OnDemand"