Certificate management (IBM Cloud Pak for AIOps on OpenShift)

With IBM Cloud Pak for AIOps, you can use IBM Cert Manager to manage your certificates or a certificate manager of your choosing. IBM Cert Manager is a service provided with IBM Cloud Pak® foundational services.

The procedure for installing a certificate for IBM Cloud Pak for AIOps depends on the certificate or endpoint that you want to secure.

Red Hat OpenShift Container Platform certificates

Red Hat OpenShift Container Platform cluster certificate

Once you have a certificate manager, you can then use the Red Hat OpenShift Container Platform cluster certificate or your own custom certificate for IBM Cloud Pak for AIOps (or a standalone installation of Infrastructure Automation) instead of the Red Hat OpenShift Container Platform. For more information, see Using a custom certificate.

Red Hat OpenShift Container Platform console certificate

This certificate is for the Red Hat OpenShift Container Platform console and is typically for use of only the cluster administrator, rather than other IBM Cloud Pak for AIOps users. It is critical that the certificate does not include the cp-console or the cpd-aiops routes in the certificate.

The default ingress certificate for Red Hat OpenShift Container Platform can have only a SAN of:

DNS.1 = *.apps.mycluster.example.com

For more information, see Red Hat OpenShift Container Platform certificate.

IBM Cloud Pak foundational services - IBM Cert Manager certificates

To add and manage certificates for IBM Cloud Pak for AIOps, you can use IBM Cert Manager, which is included with IBM Cloud Pak foundational services. With IBM Cert Manager installed, you can begin to use the available capabilities to add and manage your certificates. The IBM Cloud Pak for AIOps installation procedures include steps to optionally install IBM Cloud Pak foundational services Cert Manager.

For more information about the IBM Cloud Pak foundational services Cert Manager, see Using IBM Certificate manager (cert-manager).