Allowing external services to connect with endpoints over TLS
If an external service needs to access your components, you must extract the operator root CA key and import it to the truststore of the external service.
Changing the default root CA signer certificate
All deployments, by default, create certificates that are signed by a common root CA certificate. You can use the operator-generated root CA, or provide your own root CA signer certificate.
Creating secure endpoints for external services
The Cloud Pak components create routes to allow clients outside the cluster to interact with user interfaces and APIs over HTTPS. By default, these endpoints are secured with certificates that are signed by the root CA certificate of the Cloud Pak. For production environments, you will likely want to use your own certificates that your clients trust. In this case, concatenate all certificates of the certificate chain (the custom route certificate and its signers) into a single certificate (.crt) file.
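
One way to assemble that single .crt file, shown as an added example that is not taken from the product documentation: it checks that each certificate was issued by the next one before writing the bundle, and copies only certificate data, so a private key stored in the same file is not carried over. It assumes the `openssl` CLI is installed and that the expected order is route certificate first, then each signer; the function names, file names and sample subjects are hypothetical.

```shell
#!/bin/sh
# Added example: build a route certificate bundle and refuse to write it
# unless the files form a chain in the assumed leaf-first order.

# Print one name field ("subject" or "issuer") of the first certificate in a file.
cert_name() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# build_route_bundle OUT ROUTE_CERT SIGNER...
# Assumed order: route certificate first, each signer after the certificate it signed.
build_route_bundle() {
    out=$1; shift
    [ "$#" -ge 2 ] || { echo "need a route certificate and at least one signer" >&2; return 2; }
    prev=""
    for cert in "$@"; do
        # Reject input that is not a parseable certificate (for example a key file).
        openssl x509 -in "$cert" -noout 2>/dev/null || { echo "$cert: not a certificate" >&2; return 1; }
        if [ -n "$prev" ] && [ "$(cert_name "$prev" issuer)" != "$(cert_name "$cert" subject)" ]; then
            echo "$cert did not issue $prev: wrong order or missing signer" >&2
            return 1
        fi
        prev=$cert
    done
    # Re-emit each certificate as PEM in the checked order; nothing else is copied.
    for cert in "$@"; do openssl x509 -in "$cert"; done > "$out"
}

# Constructed sample input: a throwaway root CA and a route certificate it signs.
make_sample_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=route.example.test" \
        -keyout "$dir/route.key" -out "$dir/route.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/route.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/route.crt" 2>/dev/null
}
```

The name comparison catches ordering mistakes and missing signers only; it does not validate signatures or expiry, so the finished bundle should still be verified against the root CA that clients trust.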