List of Issuers, CA certificates, and secrets

A summary of certificate issuers, with the CA issued by each, and the corresponding secret used to sign certificates in an API Connect deployment.

Table 1 presents a list of the certificate issuers used in an API Connect deployment, with the CA issued by each, and the corresponding secret used to sign certificates. The selfsigning-issuer is used only for creating CAs, and does not have a corresponding certificate or secret of its own. If you have customized certificates, the certificates generated by the issuers in Table 1 use the custom-certs-external.yaml template.

Table 1. Issuers, CAs, and secrets
| Issuer | CA certificate | Secret |
| --- | --- | --- |
| selfsigning-issuer | N/A | N/A |
| ingress-issuer | ingress-ca issued by selfsigning-issuer | ingress-ca. Attention: If you change the ingress-ca secret in a two data center deployment, you must change it to the same value in both data centers. |
| analytics-ca | analytics-ca issued by selfsigning-issuer | analytics-ca |
| management-ca | management-ca issued by selfsigning-issuer | management-ca |
| portal-ca | portal-ca issued by selfsigning-issuer | portal-ca |
Note: On Cloud Pak for Integration and OpenShift top-level CR deployments, some certificate names are contracted and prefixed with the APIConnectCluster instance name. For example, the certificate management-ca is called <apic instance name>-mgmt-ca.
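
The Attention note on ingress-ca requires the secret to hold the same value in both data centers. The following Python is an added example, not IBM's code: it compares SHA-256 digests of the fields in two saved outputs of `kubectl get secret ingress-ca -o json`, one per data center. The function names and sample secrets are constructed for illustration, and the field names ca.crt, tls.crt and tls.key assume a standard cert-manager TLS secret.

```python
import base64
import hashlib
import json

# Assumption: ingress-ca is a cert-manager TLS secret with these data keys.
FIELDS = ("ca.crt", "tls.crt", "tls.key")
REQUIRED = ("tls.crt", "tls.key")


def field_digests(secret_json: str) -> dict:
    """SHA-256 digest of each decoded field, or None when the field is absent.

    Digests are compared instead of raw values so the private key never
    has to be printed or copied between sites.
    """
    data = json.loads(secret_json).get("data") or {}
    digests = {}
    for field in FIELDS:
        if field in data:
            raw = base64.b64decode(data[field], validate=True)
            digests[field] = hashlib.sha256(raw).hexdigest()
        else:
            digests[field] = None
    return digests


def mismatched_fields(dc1_json: str, dc2_json: str) -> list:
    """Fields that differ between data centers, or required fields missing."""
    d1, d2 = field_digests(dc1_json), field_digests(dc2_json)
    return [f for f in FIELDS
            if d1[f] != d2[f] or (f in REQUIRED and d1[f] is None)]


def _sample_secret(cert: bytes, key: bytes) -> str:
    """Constructed stand-in for `kubectl get secret ingress-ca -o json`."""
    enc = lambda b: base64.b64encode(b).decode()
    return json.dumps({"kind": "Secret", "metadata": {"name": "ingress-ca"},
                       "data": {"ca.crt": enc(cert), "tls.crt": enc(cert),
                                "tls.key": enc(key)}})


# Constructed sample data, not real certificates or keys.
DC1 = _sample_secret(b"constructed-cert-A", b"constructed-key-A")
DC2_SAME = _sample_secret(b"constructed-cert-A", b"constructed-key-A")
DC2_CHANGED = _sample_secret(b"constructed-cert-B", b"constructed-key-B")

if __name__ == "__main__":
    print("in sync:", mismatched_fields(DC1, DC2_SAME))
    print("out of sync:", mismatched_fields(DC1, DC2_CHANGED))
```

An empty list means the two data centers hold the same ingress-ca value; any listed field differs or is missing and should be reconciled.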