Creating a self-signed certificate

You can create a self-signed certificate by using the GSKCapiCmd command.

Procedure

To create a self-signed certificate, do the following steps:

Create a self-signed certificate by using GSKCapiCmd. SHA2 or higher certificates are supported. There are many options for signature algorithms. You can check the signature algorithm options by using the gsk8capicmd_64 -cert -create command, and then select one. In the following example, SHA256WithRSA is used.
The following example creates a self-signed certificate with the label myselfsigned:
```
gsk8capicmd_64 -cert -create -db "ondemand.kdb" -pw "myKeyDBpasswd" 
-label "myselfsigned" -dn "CN=myhost.mycompany.com,O=myOrganization,
OU=myOrganizationUnit,L=Boulder,ST=CO,C=US" -sigalg SHA256WithRSA
```
Extract the certificate to a file by using GSKCapiCmd.
The following example extracts the certificate into a file called ondemand.arm:
```
gsk8capicmd_64 -cert -extract -db "ondemand.kdb" -pw "myKeyDBpasswd" 
-label "myselfsigned" -target "ondemand.arm" -format ascii
```
Distribute the ondemand.arm file you created to all computers that run clients that will establish SSL connections to your Content Manager OnDemand server. The ondemand.arm signer certificate will be added to the client key database. See step 4 in Setting up SSL for the Windows clients.