Microsoft Azure certificate requirements

SSL communications with Microsoft Azure require the installation of the "Baltimore CyberTrust Root" certificate in the IBM® Global Security Kit (GSKit) .kdb file that is being used by the Content Manager OnDemand server.

Procedure

To install the certificate:

  1. Download the certificate from:
    • https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt
  2. Add the "Baltimore CyberTrust Root" certificate to the key database.
    The following example adds the "Baltimore CyberTrust Root" certificate to the key database named ondemand.kdb:
    gsk8capicmd_64 -cert -add -db "ondemand.kdb" -pw "myKeyDBpasswd" 
    -label "Baltimore Cybertrust Root" -file "BaltimoreCyberTrustRoot.crt" 
    -format binary -fips 
  3. Verify that the new certificate was stored in the key database by using GSKCapiCmd.
    The following example lists the certificates stored in ondemand.kdb:
    gsk8capicmd_64 -cert -list all -db "ondemand.kdb" -pw "myKeyDBpasswd"
    GSKCapiCmd displays the following result:
    Certificates found
    * default, - personal, ! trusted, # secret key
    !       "Entrust.net Secure Server Certification Authority"
    !       "Entrust.net Certification Authority (2048)"
    !       "Entrust.net Client Certification Authority"
    !       "Entrust.net Global Client Certification Authority"
    !       "Entrust.net Global Secure Server Certification Authority"
    !       "VeriSign Class 1 Public Primary Certification Authority"
    !       "VeriSign Class 2 Public Primary Certification Authority"
    !       "VeriSign Class 3 Public Primary Certification Authority"
    !       "VeriSign Class 1 Public Primary Certification Authority - G2"
    !       "VeriSign Class 2 Public Primary Certification Authority - G2"
    !       "VeriSign Class 3 Public Primary Certification Authority - G2"
    !       "VeriSign Class 4 Public Primary Certification Authority - G2"
    !       "VeriSign Class 1 Public Primary Certification Authority - G3"
    !       "VeriSign Class 2 Public Primary Certification Authority - G3"
    !       "VeriSign Class 3 Public Primary Certification Authority - G3"
    !       "VeriSign Class 3 Public Primary Certification Authority - G5"
    !       "VeriSign Class 4 Public Primary Certification Authority - G3"
    !       "Thawte Primary Root CA"
    !       "Thawte Primary Root CA - G2 ECC"
    !       "Thawte Server CA"
    !       "Thawte Premium Server CA"
    !       "Thawte Personal Basic CA"
    !       "Thawte Personal Freemail CA"
    !       "Thawte Personal Premium CA"
    !       "Baltimore Cybertrust Root"               (Added this certificate)
    *-      "IBM Content Manager OnDemand"