Using a custom certificate (IBM Cloud Pak for AIOps on Linux)

Learn how to add a custom certificate to a deployment of IBM Cloud Pak® for AIOps on Linux®.

Note: If you want to use a custom certificate for a deployment of IBM Cloud Pak for AIOps on Red Hat® OpenShift® Container Platform, use the procedure in Using a custom certificate and hostname (IBM Cloud Pak for AIOps on Red Hat OpenShift).

Procedure

If you want to use your own custom certificate for IBM Cloud Pak for AIOps instead of the default cluster certificate, then use the following steps after you have installed IBM Cloud Pak for AIOps on Linux.

  1. Ensure that you have the following three PEM-encoded X.509 certificate files:

    • caintermediate.pem: The intermediate certificate that issued your server certificate.
    • aiops.pem: An IBM Cloud Pak for AIOps certificate, which includes the two fully qualified domain names (FQDNs) for aiops-cpd and cp-console-aiops in the Subject Alternative Name (SAN) list.
    • aiops.key.pem: A key file for the signed certificate in aiops.pem

    You can find the FQDNs for aiops-cpd and cp-console-aiops with the following command:

    kubectl get ingress -n aiops

  2. Concatenate the server and intermediate certificates into one file called aiops-certificate-chain.pem.

    cat aiops.pem caintermediate.pem > aiops-certificate-chain.pem

  3. Update the system configuration with the new certificate.

    aiopsctl server custom-certificate --certificate-file aiops-certificate-chain.pem --key-file aiops.key.pem