Configuring a custom certificate for License Service

This version of documentation is no longer updated. For the latest information, see the following links:
- Continuous Delivery (CD) documentation
- Support Cycle-2 (SC-2) documentation

Configuring a custom certificate for License Service

To configure a custom certificate for License Service communication, complete the following steps:

Change the certificate name to tls.crt.
Change the name of the key to tls.key.
Run the following command to change the directory to where the certificate and the key are stored:
```
cd <certificate_directory>
```

Create a secret by using the following command:

licensingNamespace=$(oc get pods --all-namespaces | grep "ibm-licensing-service-" | awk {'print $1'})
kubectl create secret tls ibm-licensing-certs --key tls.key --cert tls.crt -n ${licensingNamespace}

Edit the IBMLicensing custom resource to include the certificate. Add the following parameters to the IBMLicensing section, under spec:

To enable the https connection, add the following line:
```
httpsEnable: true
```
To apply the custom certificate that you created in step 4 as ibm-licensing-certs, add the following line:
```
httpsCertsSource: custom
```
To enable custom TLS certificate, add the following lines:
```
tls:
- hosts:
    - https-<example>.com
  secretName: <secret_name>
```
Where secretName is the name of the secret that you created in step 4.

For example:

  apiVersion: operator.ibm.com/v1alpha1
  kind: IBMLicensing
  metadata:
     name: instance
  spec:
     httpsEnable: true
     httpsCertsSource: custom
     tls:
     - hosts:
         - https-<example>.com
       secretName: <secret_name>

When you change or replace a Custom Certificate to get the new Certificate, applied to the License Service, make sure to delete the ibm-licensing-operator-xxxx pod. This operation forces restart of the License Service with updated certificate.