In this tutorial, you learn how to quickly order a Let’s Encrypt certificate by using IBM Certificate Manager and IBM Cloud Internet Services (CIS) so that you can protect your domain.
Additionally, you will learn how to use page rules in CIS so that you can serve cached content that is stored in an IBM Cloud Object Storage bucket.
This tutorial uses the following services:
- IBM Cloud Certificate Manager: Obtain, store, and manage TLS certificates that you use for IBM Cloud or other cloud and on-premises deployments.
- IBM Cloud Internet Services (CIS): Manage all aspects of your domains, including web application firewall (WAF), DDoS protection, CDN, firewall rules, load balancing, and more.
- IBM Cloud Object Storage: A flexible, cost-effective, and scalable cloud storage for unstructured data.
Let’s get started!
1. Provision service instances
From the IBM Cloud catalog, provision an instance of each of the services listed above: Certificate Manager, Internet Services (CIS), and Cloud Object Storage.
2. Store a file in IBM Cloud Object Storage
In your Cloud Object Storage instance, follow these steps:
- Click Create Bucket.
- Create a bucket of your choosing.
- Upload a file (e.g., an image).
- Go to Access policies > Public Access to create a public access policy.
3. Register a domain in IBM Cloud Internet Services (CIS)
In your CIS instance, add a domain and configure its DNS information. To learn more about using CIS to register a domain, check out the getting started tutorial.
4. Enable page rules to serve cached content
After you register a domain in your CIS instance, follow these steps:
- Select your domain and go to Performance > Page rules.
- In the Rule behavior section, select the Resolve override with COS setting.
- Select your Cloud Object Storage instance and bucket.
- Click Create to generate a cdn CNAME record.
- Go to Reliability > DNS.
- In the DNS records section, find your newly created CNAME record.
- Set the Proxy option for the record to ‘on’.
Copy the fully qualified URL of the DNS record. We will use it later.
At this point, you have configured your CIS instance to cache and serve your Cloud Object Storage bucket content. However, it is not yet protected using a certificate that is managed by Certificate Manager. To achieve this, let’s create an authorization so that Certificate Manager can order a certificate for your domain.
5. Create an authorization between services
In the IBM Cloud console, follow these steps:
- Go to Manage > Access (IAM) > Authorizations.
- Click Create.
- From the Source service list, select your Certificate Manager instance.
- From the Target service list, select your CIS instance.
- In the Service access section, select the Manager role. By selecting the Manager role, you assign Certificate Manager the access it needs to manage all of your registered domains in CIS. If you’d like to assign more granular access, you can provide the ID of a specific domain instead.
- Click Authorize.
With service-to-service authorization in place, you can now order a certificate.
6. Order a certificate from Certificate Manager
In your Certificate Manager instance, follow these steps:
- Click Order certificate.
- Provide the certificate details.
- Select your CIS instance and your domain.
- Click Order.
After the certificate becomes available, let’s download it and then upload it to CIS.
7. Upload the certificate to CIS
In your Certificate Manager instance, follow these steps:
- Click the dotted menu next to your certificate.
- Click Download.
In your CIS instance, follow these steps:
- Select your domain and go to the Security tab.
- In the Edge certificates section, click Order.
- In the side panel, click Upload.
- Paste the certificate’s data and private key.
- Click Add.
We’re all done. Let’s test this! In your browser, paste the fully qualified URL to see your image.
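A browser padlock does not tell you which certificate the edge is serving. The following script is an added example, not part of the original tutorial: it fetches the certificate presented for your proxied hostname and checks the issuer, the SAN coverage, and the remaining lifetime. The hostname `cdn.example.com`, the sample certificate, and the expected issuer organization `Let's Encrypt` are assumptions made for illustration.

```python
import socket
import ssl

def fetch_cert(hostname, port=443, timeout=5.0):
    """Return the leaf certificate served for hostname (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def san_covers(san, hostname):
    """Exact match, or a wildcard standing for the left-most label only."""
    san, hostname = san.lower(), hostname.lower()
    if san.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == san[2:]
    return san == hostname

def audit_cert(cert, hostname, now, min_days=30):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    # Assumption: the ordered certificate carries issuer O = "Let's Encrypt".
    if issuer.get("organizationName") != "Let's Encrypt":
        findings.append("unexpected issuer: %s" % issuer.get("organizationName"))
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(san_covers(s, hostname) for s in sans):
        findings.append("no SAN covers %s" % hostname)
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < min_days:
        findings.append("expires in %d days" % days_left)
    return findings

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "subjectAltName": (("DNS", "cdn.example.com"),),
    "notAfter": "Jun 15 00:00:00 2030 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("May  1 00:00:00 2030 GMT")

if __name__ == "__main__":
    # Offline run against the constructed sample; for a live check use
    # audit_cert(fetch_cert("cdn.example.com"), "cdn.example.com", time.time()).
    print(audit_cert(SAMPLE, "cdn.example.com", SAMPLE_NOW))
```

An "unexpected issuer" finding means the edge is presenting a certificate other than the one you ordered, so recheck the upload in step 7.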
Next steps
In this tutorial, you learned how to protect a domain by using Certificate Manager and CIS and use page rules in CIS to serve cached content that is stored in Cloud Object Storage.
Want to learn more about managing SSL/TLS certificates with Certificate Manager? For more information, check out the IBM Cloud documentation. To share your questions, comments, raves, or concerns with us, use the Feedback button that can be found on any page of cloud.ibm.com.