Step-by-step instructions for ALB users who need to migrate from Certificate Manager to Secrets Manager.

IBM Cloud Certificate Manager reached End of Marketing on September 30, 2022, and will reach End of Support on December 31, 2022. This means that clients who currently use Certificate Manager need to migrate to IBM Cloud Secrets Manager.

Certificates can be migrated manually or through a script. Once migrated, your certificates in Secrets Manager are accessible from services in IBM Cloud. This blog post covers the simple use case of an ALB user who currently uses Certificate Manager.

Steps

We will cover the following:

  • How to manually migrate the certificates for ALB from Certificate Manager to Secrets Manager
  • How to assign access rights to Secrets Manager from ALB
  • How to import certificates from Secrets Manager to ALB

How to manually migrate the certificates for ALB from Certificate Manager to Secrets Manager

First, you’ll need to download the certificates from Certificate Manager.

Required action within Certificate Manager

  1. Navigate to the hamburger icon at the top left to display the Resource list.
  2. Open Security and search for the existing Certificate Manager that you want to migrate. Click on it to open.
  3. Open Your certificates and right-click on the three-dots icon at the right end of the certificate that you want to migrate.
  4. Select Download Certificate from the displayed drop-down list.
  5. A file will be downloaded in ZIP format, including the certificate, secret key and ICA (Intermediate Certificates). 
  6. Extract it to a folder that you can find easily.
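
Before importing the extracted files into Secrets Manager, it is worth confirming that the private key belongs to the certificate and that the certificate verifies against the ICA file. The script below is an added example, not part of the original post; the three file paths are arguments you supply, and -partial_chain is used because the ZIP carries the intermediate rather than a root.

```shell
#!/bin/sh
# Added example: sanity-check an extracted certificate bundle before import.
# Usage (file names are assumptions; use the names from your extracted ZIP):
#   sh check_bundle.sh cert.pem key.pem ica.pem

# True when the public key in the certificate ($1) equals the public key
# derived from the private key ($2). Unreadable or malformed input fails.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate ($1) verifies against the intermediate(s) in $2.
# Validity dates are checked too, so an expired certificate fails here.
issued_by_ica() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

check_bundle() {
    cert=$1 key=$2 ica=$3 rc=0
    # Keep the extracted private key readable by its owner only.
    chmod 600 "$key"
    if key_matches_cert "$cert" "$key"; then
        echo "OK   private key matches certificate"
    else
        echo "FAIL private key does not match certificate"; rc=1
    fi
    if issued_by_ica "$cert" "$ica"; then
        echo "OK   certificate verifies against the ICA file"
    else
        echo "FAIL certificate does not verify against the ICA file"; rc=1
    fi
    # Print subject and expiry so the right certificate is being migrated.
    openssl x509 -in "$cert" -noout -subject -enddate 2>/dev/null || rc=1
    return $rc
}

# Run only when invoked with the three file paths.
if [ "$#" -eq 3 ]; then check_bundle "$@"; fi
```

Once the import into Secrets Manager has succeeded, delete the extracted folder so the private key does not linger on the workstation.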

Required action within Secrets Manager

  1. Navigate to the hamburger icon at the top left to display the Resource list.
  2. Open Security and search for the existing Secrets Manager that you want to migrate. Click on it. 
  3. Click on Secrets in the left pane and then click the Add button at the top right of the list of secrets.
  4. Select TLS certificate on the first page of Add Certificate.
  5. Select Import certificate on the next page.
  6. Scroll down the page and name the certificate that you want to import.
  7. Add a pem file to the Certificate section. You can get the pem file once you extract the downloaded ZIP file from Step 5 in the section above. 
  8. Add a secret key file to the Secret key (Option) section from the extracted folder.
  9. Add an ICA file to the ICA (Option) section from the extracted folder.
  10. Click Create at the bottom right of the page. 
  11. Now you have finished importing the certificate to Secrets Manager.

How to assign access rights to Secrets Manager from ALB

The next step is to give sufficient access rights to ALB so that it can use Secrets Manager. This is done through IAM.

Preparation for giving access rights

  1. Navigate to Manage > Access (IAM) on the portal to open the IAM page.
  2. Select Authorizations from the left pane to open the Manage Authorizations page.

Create a new Authorization from the Manage Authorizations page (giving access right)

  1. Click Create at the top right.
  2. Click Manage Authorizations to create a new Authorization.
  3. Select This Account for Source account.
  4. Select VPC Infrastructure Service for Source Service.
  5. Select Resources based on selected attributes for How do you want to scope the access?
  6. Check Resource type
  7. Select Load Balancer for VPC for Resource type.
  8. Select Secrets Manager for Target service.
  9. Select All resources for How do you want to scope the access?
  10. Select Writer for Service access.
  11. Click Authorize.

How to import certificates from Secrets Manager to ALB

The next step is to import certificates from Secrets Manager to ALB.

Note: If you encounter an issue in this step, it will revert to the status that existed before importing the certificate from Certificate Manager. If there is a need to revert to the original status, please select Certificate Manager as source and import the certificate. This will restore the original status.

Import the certificate for ALB 

  1. Click the icon shaped like four vertical lines in the top left of the portal.
  2. Select VPC Infrastructure in the left pane and select Load Balancers.
  3. Select your load balancer from the list in Load balancers for VPC and select the correct value for Region in the pop-up of the list.
  4. Click the Front-end listeners tab on the detailed page of load balancers.
  5. Select Edit from the drop-down list.
  6. Select Secrets Manager for Certificate source.
  7. Select your Secrets Manager instance for Secrets Manager.
  8. Select your imported certificate for SSL Certificate.
  9. Click Save to import your selected certificate.

Conclusion

This blog post has provided an overview of manual migration from IBM Cloud Certificate Manager to IBM Cloud Secrets Manager and the steps for letting ALB use certificates stored in Secrets Manager.

If you would like to complete the migration by using a script, please check out the links listed below:

 
