List of Issuers, CA certificates, and secrets
A summary of certificate issuers, with the CA issued by each, and the corresponding secret used to sign certificates in an API Connect deployment.
Table 1 presents a list of the certificate issuers used in an API Connect deployment, with the CA issued by each, and the corresponding secret used to sign
certificates. The selfsigning-issuer
is used only for creating CAs, and does not
have a corresponding certificate or secret of its own. If you have customized certificates, the
certificates generated by the issuers in Table 1 use the
custom-certs-external.yaml template.
Issuer | CA certificate | Secret |
---|---|---|
selfsigning-issuer |
N/A | N/A |
ingress-issuer |
ingress-ca issued by selfsigning-issuer |
ingress-ca Attention: If you change the
ingress-ca secret in a two data center deployment, you must change it to the same
value in both data centers. |
analytics-ca |
analytics-ca issued by selfsigning-issuer |
analytics-ca |
management-ca |
management-ca issued by selfsigning-issuer |
management-ca |
portal-ca |
portal-ca issued by selfsigning-issuer |
portal-ca |
Note: On Cloud Pak for Integration, and
OpenShift top-level CR deployments, some certificate names are contracted and prefixed with the
APIConnectCluster
instance name. For example, the certificate
managment-ca
is called <apic instance
name>-mgmt-ca
.