Get a certificate within minutes with IBM Cloud Internet Services and IBM Cloud Certificate Manager.

Need an SSL/TLS Certificate for your app or service? If you are using IBM Cloud Internet Services (CIS) as your Domain Name Service (DNS) provider, you can get a certificate within minutes at a click of a button from IBM Cloud Certificate Manager

IBM Cloud Certificate Manager lets you order free, domain-validated certificates signed by Let’s Encrypt—an automated, ACME-protocol-based Certificate Authority (CA) that issues free certificates that are valid for 90 days. Certificate Manager also helps you manage the lifecycle of your certificates and keep them secure.

How it works

When you order a certificate, you need to validate that you control the domains, which usually requires a lot of manual back and forth with your Certificate Authority. Let’s Encrypt automates certificate ordering through domain validation challenges. 

When you request a certificate from Let’s Encrypt, it sends you a DNS TXT record challenge to enter into your DNS provider, under the domain you requested, which you can do by calling your DNS provider APIs. Then, Let’s Encrypt queries your DNS for that record. If there was a match, Let’s Encrypt issues a certificate to you.   

We integrated Certificate Manager and IBM Cloud Internet Services (CIS) to do this work for you. Certificate Manager will interact with CIS to update TXT records. All you do is set up an access policy through IBM Cloud IAM to allow your Certificate Manager instance to access your CIS instance.

Other benefits of using Certificate Manager

Ordering a certificate through Certificate Manager has several more advantages:

  • Security: When you request a certificate, the key pair for your certificate is generated within Certificate Manager, where the keys are stored as encrypted. Actions performed on the certificate—including the order itself—and requests to download the certificate and private key are logged automatically to IBM Cloud Activity Tracker with LogDNA for audit purposes. If you want to limit access to individual certificates and keys, you can give access to users or services at the certificate level.
  • Lifecycle management: Certificate Manager also helps you manage the lifecycle of your TLS certificates. Get notified before your certificates expire and then renew them with the click of a button. Certificate Manager also sends you lifecycle notifications for events like a certificate issued or renewed, which you can use to trigger automated deployment processes (e.g., Configuring your Kubernetes ingress controller or CIS to use this certificate).

How to order a certificate

When your domains are registered as zones in CIS, go to Cloud IAM to set an access policy for Certificate Manager and CIS. Give Certificate Manager a Reader service access role for your CIS instance, and give Certificate Manager a Manager service access role for the relevant domains in CIS. Then, go to Certificate Manager and click Order. Fill out the certificate order form for CIS users. You should get a certificate issued to you within minutes

Easily order your certificates now 

To get started with Certificate Manager, check it out in the IBM Cloud catalog. You can also quickly order and activate your domain on CIS through the catalog.

Questions and feedback

  • For technical questions, go to Stack Overflow and use the ‘ibm-certificate-manager’ tag.
  • For non-technical questions, go to IBM developerworks with the ‘ibm-certificate-manager’ tag.
  • For questions or support needs on CIS or Certificate Manager, use the support section in the IBM Cloud menu.

Other uses for Cloud Internet Services

IBM Cloud Internet Services (CIS) provides you with a wide array of capabilities that can be leveraged at the network edge and easily deployed globally through Cloudflare’s 180+ Global Points of Presence (PoPs), providing you with the most comprehensive solution on the IBM Cloud to protect and optimize your Internet-facing applications, websites, and services. Improve your application and/or website reliability by registering your domains in our Domain Name Server (DNS) for fast resolution of hostnames to their corresponding IP addresses or aliases. 

Was this article helpful?

More from Cloud

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters