Cloud
Security
January 15, 2021 By Idan Adar
Anton Aleksandrov
4 min read

In this tutorial, you learn how to quickly order a Let’s Encrypt certificate by using IBM Certificate Manager and IBM Cloud Internet Services (CIS) so that you can protect your domain.

Additionally, you will learn how to use page rules in CIS so that you can serve cached content that is stored in an IBM Cloud Object Storage bucket.

This tutorial uses the following services:

Let’s get started!

1. Provision service instances

From the IBM Cloud catalog, provision instances of the following services:

2. Store a file in IBM Cloud Object Storage

In your Cloud Object Storage instance, follow these steps:

  1. Click Create Bucket.
  2. Create a bucket of your choosing.
  3. Upload a file (e.g., an image).
  4. Go to Access policies > Public Access to create a public access policy:

3. Register a domain in IBM Cloud Internet Services (CIS)

In your CIS instance, add a domain and configure its DNS information. To learn more about using CIS to register a domain, check out the getting started tutorial.

4. Enable page rules to serve cached content

After you register a domain in your CIS instance, follow these steps:

  1. Select your domain and go to Performance > Page rules.
  2. In the Rule behavior section, select the Resolve override with COS setting:
  3. Select your Cloud Object Storage instance and bucket.
  4. Click Create to generate a cdn CNAME record:
  5. Go to Reliability > DNS.
  6. In the DNS records section, find your newly created CNAME record.
  7. Set the Proxy option for the record to ‘on’:

Copy the fully qualified URL of the DNS record. We will use it later.

At this point, you have configured your CIS instance to cache and serve your Cloud Object Storage bucket content. However, it is not yet protected using a certificate that is managed by Certificate Manager. To achieve this, let’s create an authorization so that Certificate Manager can order a certificate for your domain.

5. Create an authorization between services

In the IBM Cloud console, follow these steps:

  1. Go to Manage > Access (IAM) > Authorizations.
  2. Click Create.
  3. From the Source service list, select your Certificate Manager instance.
  4. From the Target service list, select your CIS instance.
  5. In the Service access section, select the Manager role. By selecting the Manager role, you assign Certificate Manager the access it needs to manage all of your registered domains in CIS. If you’d like to assign more granular access, you can provide the ID of a specific domain instead.
  6. Click Authorize.

With service-to-service authorization in place, you can now order a certificate.

6. Order a certificate from Certificate Manager

In your Certificate Manager instance, follow these steps:

  1. Click Order certificate.
  2. Provide the certificate details.
  3. Select your CIS instance and your domain.
  4. Click Order.

After the certificate becomes available, let’s download it and then upload it to CIS.

7. Upload the certificate to CIS

In your Certificate Manager instance, follow these steps:

  1. Click the dotted menu next to your certificate.
  2. Click Download.

In your CIS instance, follow these steps:

  1. Select your domain and go to the Security tab.
  2. In the Edge certificates section, click Order.
  3. In the side panel, click Upload.
  4. Paste the certificate’s data and private key.
  5. Click Add.

We’re all done. Let’s test this! In your browser, paste the fully qualified URL to see your image.

Next steps

In this tutorial, you learned how to protect a domain by using Certificate Manager and CIS and use page rules in CIS to serve cached content that is stored in Cloud Object Storage.

Want to learn more about managing SSL/TLS certificates with Certificate Manager? For more information, check out the IBM Cloud documentation. To share your questions, comments, raves, or concerns with us, use the Feedback button that can be found on any page of cloud.ibm.com.

Was this article helpful?
YesNo
Idan Adar
Developer, DevOps
Anton Aleksandrov
Chief Architect, Cloud Security Services

More from Cloud
April 8, 2024

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

April 4, 2024

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

March 29, 2024

Optimize observability with IBM Cloud Logs to help improve infrastructure and app performance

5 min read - There is a dilemma facing infrastructure and app performance—as workloads generate an expanding amount of observability data, it puts increased pressure on collection tool abilities to process it all. The resulting data stress becomes expensive to manage and makes it harder to obtain actionable insights from the data itself, making it harder to have fast, effective, and cost-efficient performance management. A recent IDC study found that 57% of large enterprises are either collecting too much or too little observability data.…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters