The SSL certificate chain order consists of root certificates, intermediate certificates, and the end-user certificate. Root CAs are a trusted source of certificates. Intermediate CAs are bridges that link the end-user certificate to the root CA. An SSL certificate chain order is the list of intermediate CAs leading back to a trusted root CA.
According to the IBM documentation (
https://www.ibm.com/docs/en/guardium/11.4?topic=management-creating-managing-custom-gim-certificates), the default Guardium, privately signed, certificates can be replaced with trusted CA certificates, without interrupting the GIM server to GIM client communication. However in 11.4, if the GIM client certificates isn’t issued by a trusted certificate authority, i.e., if it isn’t issued by a Root CA, then the connecting GIM server will not continue to check if the issuing CA was issued by a trusted root CA. Instead it will incorrectly connect the GIM client as unauthenticated. The idea is that the GIM server should keep going back down the SSL certificate chain order to find the trusted root CA.
Do not place IBM confidential, company confidential, or personal information into any field.