Using custom certificates

Learn how to use a custom certificate for License Service API over https.

To configure a custom certificate for License Service communication, complete the following steps:

  1. Change the certificate name to tls.crt.

  2. Change the name of the key to tls.key.

  3. Run the following command to change the directory to where the certificate and the key are stored:

    cd <certificate_directory>
  4. Create a secret by using the following command:

    licensingNamespace=$(oc get pods --all-namespaces | grep "ibm-licensing-service-" | awk {'print $1'})
    kubectl create secret tls ibm-licensing-certs --key tls.key --cert tls.crt -n ${licensingNamespace}
  5. Edit the IBMLicensing custom resource to include the certificate. Add the following parameters to the IBMLicensing section, under spec:

    • To enable the https connection, add the following line:

      httpsEnable: true
    • To apply the custom certificate that you created in step 4 as ibm-licensing-certs, add the following line:

      httpsCertsSource: custom

      For example:

      kind: IBMLicensing
         name: instance
         httpsEnable: true
         httpsCertsSource: custom

When you change or replace a Custom Certificate to get the new Certificate, applied to the License Service, make sure to delete the ibm-licensing-operator-xxxx pod. This operation will force restart of License Service with updated certificate.