Generating client CSR for multiple HSM signers

You must generate a client certificate signing request (CSR) and provide it to the IBM support team. The support team returns a signed CSR and the CA certificate bundle, which are required for the IBM Digital Asset Haven hybrid deployment.

Before you begin

Ensure that you have an active IBM SaaS account for your subscription.

Procedure

  1. Contact the IBM support team to request an upgrade to the Enterprise version.
    Provide your Subscription ID in the request.
  2. Review the response from the IBM support team.
    The team provides the following information:
    • A link to download the IBM Digital Asset Haven hybrid bundle
    • A client ID to download the archive
  3. Export the required environment variables, replacing the example values with the details of your organization:
        export COUNTRY_CODE=DE
        export STATE=BW
        export LOCALITY=BB
        export ORGANIZATION=IBM
        export ORGANIZATION_UNIT=IBMZ
        export EMAIL_ADDRESS=someone@ibm.com
  4. Generate the client CSR by running the generate-client-csr.sh script.
    Run the following command from the directory that contains the script:
    ./generate-client-csr.sh --hsm-id=<hsm-id> --client-id=<client-id> --cluster-id=<cluster-id>
    Where:
    • <hsm-id> is a client-defined identifier.
    • <client-id> is provided by the IBM support team.
    • <cluster-id> is the keystore ID that was generated in the Generating client CSR procedure.
    Example:
    ./generate-client-csr.sh --client-id=123456789012 --hsm-id=ha2 --cluster-id=store-8fb15-6e82f-c53ede
    The script prints the following output:
    CSR: ha2-store-8fb15-6e82f-c53ede-123456789012-stg.da.ibm.com.csr
    Generated new private key at ha2-store-8fb15-6e82f-c53ede-123456789012-key.pem
    The ID to use when creating the keystore is: store-8fb15-6e82f-c53ede
  5. Verify that the script generated the expected files.
    The CSR is named <hsm-id>-<keystore-id>-<client-id>-<domain>.csr and the private key is named <hsm-id>-<keystore-id>-<client-id>-key.pem.
    Example output:
    ha2-store-8fb15-6e82f-c53ede-123456789012-stg.da.ibm.com.csr
    ha2-store-8fb15-6e82f-c53ede-123456789012-key.pem
  6. Rename the private key file (in the example, ha2-store-8fb15-6e82f-c53ede-123456789012-key.pem) to client.key.pem.
  7. Send the generated client CSR file to the IBM support team. Send only the .csr file; the private key stays on your system.
  8. Download the signed client CSR and the CA certificate bundle from the IBM support team response.
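The following shell script is an added example; it is not part of the IBM Digital Asset Haven bundle and is not the generate-client-csr.sh script. Run it after step 5 (or after the rename in step 6) to confirm, before the CSR leaves your system in step 7, that the CSR's self-signature verifies, that the private key is the one the CSR was built from, that the subject carries the values exported in step 3, and that the key file is readable only by its owner. The example assumes that generate-client-csr.sh places the exported values in the C, ST, L, O, OU and emailAddress subject attributes and uses the <hsm-id>-<keystore-id>-<client-id>-<domain> string from the CSR file name as the Common Name; if your CSR differs, adjust the expected values. The make_test_csr function is a constructed stand-in for the script's output, used only to exercise the checks offline, and verify_client_csr is a name chosen for this example.

```shell
#!/bin/sh
# Added example (not part of the IBM bundle or generate-client-csr.sh):
# consistency checks for the client CSR and private key before hand-over.
# Requires only the openssl command-line tool.
#
# Assumptions not stated on the documentation page:
#   - the CSR subject carries the step-3 values as C, ST, L, O, OU and
#     emailAddress, and its Common Name is the
#     <hsm-id>-<keystore-id>-<client-id>-<domain> string from the file name
#   - the key file may still carry its generated name or already be
#     renamed to client.key.pem; only the path is used

# verify_client_csr <csr-file> <key-file> <expected-cn>
# Returns 0 when every check passes, 1 otherwise; reasons go to stdout.
verify_client_csr() {
    csr=$1; key=$2; expected_cn=$3; rc=0

    # 1. The CSR must parse and its self-signature must verify (proof that
    #    whoever built it held the matching private key).
    if ! openssl req -in "$csr" -noout -verify >/dev/null 2>&1; then
        echo "FAIL: CSR does not parse or its signature does not verify: $csr"
        rc=1
    fi

    # 2. The key file must be the one the CSR was built from: compare the
    #    SHA-256 of the DER-encoded public key taken from both sides.
    if ! openssl pkey -in "$key" -noout >/dev/null 2>&1; then
        echo "FAIL: cannot read private key: $key"
        rc=1
    else
        csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null \
                  | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
        key_pub=$(openssl pkey -in "$key" -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
        if [ "$csr_pub" != "$key_pub" ]; then
            echo "FAIL: private key $key does not match the public key in $csr"
            rc=1
        fi
    fi

    # 3. The subject must contain each exported value and the expected CN.
    #    -nameopt compat prints the legacy /C=DE/ST=BW/... form on every
    #    OpenSSL release, so each RDN can be matched as a whole element.
    subject=$(openssl req -in "$csr" -noout -subject -nameopt compat 2>/dev/null | sed 's/^subject= *//')
    for rdn in "C=$COUNTRY_CODE" "ST=$STATE" "L=$LOCALITY" "O=$ORGANIZATION" \
               "OU=$ORGANIZATION_UNIT" "emailAddress=$EMAIL_ADDRESS" "CN=$expected_cn"; do
        case "$subject/" in
            *"/$rdn/"*) ;;
            *) echo "FAIL: subject lacks /$rdn (subject is $subject)"; rc=1 ;;
        esac
    done

    # 4. The private key must be readable by its owner only (GNU and BSD stat).
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key" 2>/dev/null)
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}; expected 600 or 400"; rc=1 ;;
    esac

    return $rc
}

# make_test_csr <dir> <hsm-id> <keystore-id> <client-id> <domain>
# Constructed stand-in for the output of generate-client-csr.sh, used only
# to exercise the checks offline. It writes files named as in step 5 and
# uses an RSA 2048 key, which is an assumption about the real script.
make_test_csr() {
    dir=$1; cn="$2-$3-$4-$5"; mkdir -p "$dir"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/$2-$3-$4-key.pem" -out "$dir/$cn.csr" \
        -subj "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION/OU=$ORGANIZATION_UNIT/CN=$cn/emailAddress=$EMAIL_ADDRESS" \
        >/dev/null 2>&1 || return 1
    chmod 600 "$dir/$2-$3-$4-key.pem"
}

# Usage: sh verify-client-csr.sh <csr-file> <key-file> <expected-cn>
if [ "$#" -eq 3 ]; then
    verify_client_csr "$1" "$2" "$3" && echo "OK: $1 and $2 are consistent"
fi
```

Save the script as, for example, verify-client-csr.sh and run it with the CSR path, the key path and the Common Name you expect; with the step 4 example that is sh verify-client-csr.sh ha2-store-8fb15-6e82f-c53ede-123456789012-stg.da.ibm.com.csr client.key.pem ha2-store-8fb15-6e82f-c53ede-123456789012-stg.da.ibm.com. A nonzero exit status with a FAIL line means the CSR should not be sent; rerun generate-client-csr.sh with corrected environment variables rather than editing the files by hand.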