Customizing the Cloud Pak Identity Management (IM) service

If the Cloud Pak foundational services Identity Management (IM) route (cp-console) is enabled because your CP4BA deployment uses All Namespaces, you can change the route hostname and customize the TLS certificate that is used to secure the route.

Before you begin

For more information, see Customizing the Cloud Pak entry point.

About this task

Changing certificates is often done to use a certificate that you purchased from a public certificate authority (CA) or signed by your corporate CA.

If you modify the domain from the default Red Hat® OpenShift® Container Platform (OCP) domain, make sure that the new hostname can resolve to the OpenShift router from inside and outside the OCP cluster.

Procedure

  1. Create the custom-tls-secret.
  2. Run a job to update the configuration, and restart the appropriate pods.
    For more information, see Updating cp-console hostname and TLS secret External link opens a new window or tab.
    Note: The custom-tls-secret that you must create requires a specific format, which is not the same as the format of secrets used in other route customizations.

Results

You can now test the route by accessing a protected URL, like the cpd route. The requests are redirected to IM for authentication, and the new hostname and certificates are used by the Login page.