Adding the certificate bundle of IBM Cloud Manager with OpenStack to IBM Cloud Orchestrator Server

For secure communication in IBM Cloud Manager with OpenStack, a Privacy Enhanced Mail (PEM) bundle is configured for certificate validation. You must add the bundle to the <TMP_DIR> directory of IBM Cloud Orchestrator Server so that it is available during the installation process.

1. Log in to the IBM Cloud Orchestrator Server.
2. Create <TMP_DIR> directory.
3. Run the following command to copy the certificate bundle:

   scp root@<ICM_controller>: /etc/pki/tls/icm/certs/ca_bundle.pem /<TMP_DIR>/openstack.crt

   where <ICM_controller> is the IP address or the fully qualified host name of IBM Cloud Manager with OpenStack master controller wherein the Keystone service is run. For multi-region setup, it is the controller of the first region. For high availability configuration, it is the primary controller of the first region installed.
4. Optionally, run the following command to check the certificate bundle content:

   openssl x509 -noout -text -in <TMP_DIR>/openstack.crt