If you want to integrate IBM Business Automation Studio with an external service, such as
User Management Service (UMS) or IBM Business Automation Workflow, then before you deploy Business Automation Studio, you must do some preparation.
Procedure
- Import the Transport Layer Security (TLS) certificate of the external service.
  If the certificate of the other component, such as UMS or IBM Business Automation Workflow, is not signed by the same root CA as your
  Business Automation Studio or App Engine, you must add the root (not leaf) certificate
  of the external service to the trusted certificate list of Business Automation Studio and App Engine.
  - Export and save the root certificate file of the external service as
    xxx-cert.crt, then create the secret by running the following command:

        kubectl create secret generic xxx-tls-crt-secret --from-file=tls.crt=./xxx-cert.crt

    You will get a secret named xxx-tls-crt-secret.
  - Enter the name of this secret in every TLS section of the configuration parameters for Business Automation Studio and App Engine.
    For example:

        tls:
          tlsTrustList: [xxx-tls-crt-secret, xxx-tls-crt-secret2]

    Your components will trust this certificate and communicate with the external service
    successfully. The tlsTrustList variable is an array, and you can provide multiple values by separating them with a
    comma.
- Export the root CA key of Business Automation Studio and
  App Engine.
  You can use the following command to find the root CA key:

      kubectl get secret <root CA key of Studio/App Engine> -o template --template='{{ index .data "tls.crt" }}' | base64 --decode > rootCA.crt

  The command decodes the tls.crt field of the secret and writes it to rootCA.crt.
  If you don't know the root CA key, look at the global.caSecretName parameter in the custom
  resource file. See IBM Business Automation Studio configuration
  parameters.
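A pre-check for the first step, which requires the root (not leaf) certificate of the external service. This is an added example, not part of the IBM documentation; the function names `is_root_ca_cert` and `make_constructed_certs` are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: confirm a file holds a self-signed CA (root) certificate before trusting it.

# Returns 0 if the first certificate in FILE is a root CA, 1 if it is not, 2 if it cannot be read.
is_root_ca_cert() {
    cert_file=$1
    cert_subject=$(openssl x509 -in "$cert_file" -noout -subject -nameopt RFC2253 2>/dev/null) || return 2
    cert_issuer=$(openssl x509 -in "$cert_file" -noout -issuer -nameopt RFC2253 2>/dev/null) || return 2
    # A root is self-issued: subject and issuer are the same name.
    [ "${cert_subject#subject=}" = "${cert_issuer#issuer=}" ] || return 1
    # It must be marked as a CA in basicConstraints; a leaf is not.
    openssl x509 -in "$cert_file" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || return 1
    # Its signature must verify against its own key, within its validity period.
    openssl verify -CAfile "$cert_file" "$cert_file" >/dev/null 2>&1 || return 1
    return 0
}

# Constructed sample input: writes a throwaway root (ca.crt) and a leaf
# signed by it (leaf.crt) into DIR. Neither is a real certificate.
make_constructed_certs() {
    out_dir=$1
    cat > "$out_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Example Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$out_dir/ca.cnf" \
        -keyout "$out_dir/ca.key" -out "$out_dir/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$out_dir/ca.cnf" \
        -subj "/CN=constructed-leaf.example" \
        -keyout "$out_dir/leaf.key" -out "$out_dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$out_dir/leaf.csr" -CA "$out_dir/ca.crt" -CAkey "$out_dir/ca.key" \
        -CAcreateserial -days 1 -out "$out_dir/leaf.crt" 2>/dev/null || return 1
}
```

Running `is_root_ca_cert ./xxx-cert.crt` before `kubectl create secret` catches the case where a leaf or intermediate certificate was exported by mistake. Only the first certificate in the file is inspected, so split a bundle before checking it.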