Adding a Liberty API Certificate

About this task

The Liberty API certificate is used by both the Liberty API UI and B2Bi Customization UI.
Note: The Liberty API certificate is stored as an OC secret and not in a file.

Procedure

  1. Generate the .pfx file from the ssl certificate.
    Important: Make sure to specify the export password the same as the existing certificate password in values.yaml or OC secret.
  2. Add the certificate to the bastion server: <CERTS_PATH>/b2b-qa-liberty.pfx.
  3. Create the secret: oc create secret generic <LIBERTY_KEYSTORE_SECRET> --from-file=<PATH_TO_PFX_FILE>.
  4. Verify the secret creation: oc get secret <LIBERTY_KEYSTORE_SECRET>.
  5. Update the values.yaml with the new secret for the Liberty API certificate.
  6. Edit the values.yaml and change the line below from libertyKeystoreSecret to <LIBERTY_KEYSTORE_SECRET>.
  7. Run the helm upgrade to update the secret for the Liberty API certificate: 
    helm upgrade b2b-qa-b2bi -f values.yaml . --timeout 10m0s --namespace <NAMESPACE>
    Note: Here, b2b-qa-b2bi is the helm name.
  8. Restart the ASI pods.
  9. Open the Liberty API UI and Customization UI to verify that the new certificate is presented by the server.