Defining the security certificate

For 20.0.1: By default, IBM Operational Decision Manager is delivered with a self-signed Secure Sockets Layer (SSL) certificate. You can replace the default certificate with your own certificate to better secure your HTTPS connections.

New in 20.0.2: You must connect securely with external services by exporting and importing certificates. For more information, see Managing certificates.

About this task

For 20.0.1: To enable an SSL connection, the web server needs a digital certificate so that clients can trust the authenticity of the web application. The default self-signed certificate is intended for testing purposes or internal use, because it is signed by the person who created it rather than by a trusted certificate authority.

Important: The SSL encryption for ODM supports only the Java™ keystore (JKS) format. You can convert other certificate formats to the JKS format by using the keytool utility.
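
Because ODM accepts only JKS, it helps to confirm what format a store is in, and convert it if needed, before you create the secret. The following shell functions are an added example, not part of the IBM documentation; the file names and the SRC_PASS and DEST_PASS environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not IBM's code. The SRC_PASS / DEST_PASS environment
# variables and all file names are assumptions made for illustration.

# Identify a store by its leading bytes. JKS files begin with the magic
# FE ED FE ED. PKCS#12 files are DER and begin with 0x30 (so does a bare
# DER certificate, which keytool will reject in ensure_jks). PEM is text.
store_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;
        30*)      echo PKCS12 ;;
        2d2d2d2d) echo PEM ;;
        *)        echo UNKNOWN ;;
    esac
}

# Produce a JKS copy of <in> at <out>, converting only when needed.
# Passwords are read from the environment (keytool's :env modifier) so
# they do not appear in the process list. keytool keeps the key's source
# password on import; set DEST_PASS equal to SRC_PASS if the key and
# store passwords must match.
ensure_jks() {
    fmt=$(store_format "$1")
    case "$fmt" in
        JKS)
            cp "$1" "$2" || return 1 ;;
        PKCS12)
            keytool -importkeystore -noprompt \
                -srckeystore "$1" -srcstoretype PKCS12 \
                -srcstorepass:env SRC_PASS \
                -destkeystore "$2" -deststoretype JKS \
                -deststorepass:env DEST_PASS || return 1 ;;
        *)
            echo "$1: $fmt is not convertible here; build a PKCS#12 first" >&2
            return 1 ;;
    esac
    # Confirm the result really is JKS before it goes into the secret.
    [ "$(store_format "$2")" = JKS ]
}

# Usage: sh ensure_jks.sh server.p12 keystoreFile.jks
if [ "$#" -eq 2 ]; then
    ensure_jks "$1" "$2"
fi
```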

Procedure

  1. Create a Kubernetes secret for the JKS files and the associated passwords.

    To create a Kubernetes secret for JKS, you must enter four parameters.

    • keystore_password: The password of the keystore.
    • keystore.jks: The name of the keystore.
    • truststore_password: The password of the truststore.
    • truststore.jks: The name of the truststore.

    The following example shows how to create a Kubernetes secret:

    kubectl create secret generic mysecuritysecret \
      --from-literal=keystore_password=keystorePwd \
      --from-file=keystore.jks=keystoreFile.jks \
      --from-literal=truststore_password=truststorePwd \
      --from-file=truststore.jks=truststoreFile.jks

    Where mysecuritysecret is the name you give to the secret, keystorePwd and truststorePwd are the passwords, and keystoreFile.jks and truststoreFile.jks are the keystore and truststore files.

  2. Required: Make a note of the name of your secret (mysecuritysecret) so that it is at hand when you enter it in the customization.securitySecretRef configuration parameter. You must enter the secret when you install ODM for production.