Generating custom certificates using default values for IKS

You can use the provided file custom-certs-external.yaml to generate custom certificates.

About this task

You can quickly generate custom certificates by using the provided file custom-certs-external.yaml. This file is located in the helper_files directory. It contains Certificate YAML definitions for every Common Subsystem Communication, and External Frontend/Ingress certificate, CA, and Issuer that can be customized for each subsystem of IBM API Connect. The definitions are already populated with the recommend default values. All that is required is to update the hostnames before applying into the cluster.

Note that the file does not contain Certificate YAML definitions for Internal certificates. Customization of internal certificates (for use internally by the subsystems in API Connect) is an advanced use-case, and is not recommended.

Note: As an alternative to using these instructions, you can instead manually prepare Certificate definitions for use when generating your custom certificates. The alternative process takes longer but allows more control, including modification of internal certificates. See Generating custom certificates manually for IKS


  1. Open custom-certs-external.yaml in a text-editor. Find and replace each occurrence of with the desired ingress subdomain for the API Connect stack.
  2. Apply the file into the cluster:
    kubectl apply -f custom-certs-external.yaml -n <namespace>
  3. Continue with Installing API Connect on IKS with custom certificates.