Creating a self-signed certificate
You can create a self-signed certificate by using the GSKCapiCmd command.
Procedure
To create a self-signed certificate, do the following steps:
-
Create a self-signed certificate by using GSKCapiCmd. SHA2 or higher
certificates are supported. There are many options for signature algorithms. You can check the
signature algorithm options by using the gsk8capicmd_64 -cert -create
command, and then select one. In the following example,
SHA256WithRSA
is used.The following example creates a self-signed certificate with the labelmyselfsigned
:gsk8capicmd_64 -cert -create -db "ondemand.kdb" -pw "myKeyDBpasswd" -label "myselfsigned" -dn "CN=myhost.mycompany.com,O=myOrganization, OU=myOrganizationUnit,L=Boulder,ST=CO,C=US" -sigalg SHA256WithRSA
-
Extract the certificate to a
file by using GSKCapiCmd.
The following example extracts the certificate into a file called ondemand.arm:
gsk8capicmd_64 -cert -extract -db "ondemand.kdb" -pw "myKeyDBpasswd" -label "myselfsigned" -target "ondemand.arm" -format ascii
-
Distribute the
ondemand.arm
file you created to all computers that run clients that will establish SSL connections to your Content Manager OnDemand server. Theondemand.arm
signer certificate will be added to the client key database. See step 4 in Setting up SSL for the Windows clients.