Get a certificate within minutes with IBM Cloud Internet Services and IBM Cloud Certificate Manager.

Need an SSL/TLS certificate for your app or service? If you are using IBM Cloud Internet Services (CIS) as your Domain Name Service (DNS) provider, you can get a certificate within minutes at the click of a button from IBM Cloud Certificate Manager.

IBM Cloud Certificate Manager lets you order free, domain-validated certificates signed by Let’s Encrypt—an automated, ACME-protocol-based Certificate Authority (CA) that issues free certificates that are valid for 90 days. Certificate Manager also helps you manage the lifecycle of your certificates and keep them secure.

How it works

When you order a certificate, you need to validate that you control the domains, which usually requires a lot of manual back and forth with your Certificate Authority. Let’s Encrypt automates certificate ordering through domain validation challenges. 

When you request a certificate from Let’s Encrypt, it sends you a DNS TXT record challenge to publish with your DNS provider, under the domain you requested, which you can do by calling your DNS provider's APIs. Let’s Encrypt then queries your DNS for that record. If the record matches, Let’s Encrypt issues the certificate to you.

We integrated Certificate Manager and IBM Cloud Internet Services (CIS) to do this work for you. Certificate Manager will interact with CIS to update TXT records. All you do is set up an access policy through IBM Cloud IAM to allow your Certificate Manager instance to access your CIS instance.


Other benefits of using Certificate Manager

Ordering a certificate through Certificate Manager has several more advantages:

  • Security: When you request a certificate, the key pair for your certificate is generated within Certificate Manager, where the keys are stored encrypted. Actions performed on the certificate—including the order itself—and requests to download the certificate and private key are logged automatically to IBM Cloud Activity Tracker with LogDNA for audit purposes. If you want to limit access to individual certificates and keys, you can give access to users or services at the certificate level.
  • Lifecycle management: Certificate Manager also helps you manage the lifecycle of your TLS certificates. Get notified before your certificates expire and then renew them with the click of a button. Certificate Manager also sends you lifecycle notifications for events like a certificate issued or renewed, which you can use to trigger automated deployment processes (e.g., configuring your Kubernetes ingress controller or CIS to use this certificate).

How to order a certificate

When your domains are registered as zones in CIS, go to Cloud IAM to set an access policy for Certificate Manager and CIS. Give Certificate Manager a Reader service access role for your CIS instance, and give Certificate Manager a Manager service access role for the relevant domains in CIS. Then, go to Certificate Manager and click Order. Fill out the certificate order form for CIS users. You should get a certificate issued to you within minutes.


Easily order your certificates now 

To get started with Certificate Manager, check it out in the IBM Cloud catalog. You can also quickly order and activate your domain on CIS through the catalog.

Questions and feedback

  • For technical questions, go to Stack Overflow and use the ‘ibm-certificate-manager’ tag.
  • For non-technical questions, go to IBM developerWorks with the ‘ibm-certificate-manager’ tag.
  • For questions or support needs on CIS or Certificate Manager, use the support section in the IBM Cloud menu.

Other uses for Cloud Internet Services

IBM Cloud Internet Services (CIS) provides you with a wide array of capabilities that can be leveraged at the network edge and easily deployed globally through Cloudflare’s 180+ Global Points of Presence (PoPs), providing you with the most comprehensive solution on the IBM Cloud to protect and optimize your Internet-facing applications, websites, and services. Improve your application and/or website reliability by registering your domains in our Domain Name Server (DNS) for fast resolution of hostnames to their corresponding IP addresses or aliases. 
