You may want to use your own TLS certificate for the encryption of database
connections.
About this task
This section describes the steps necessary to install a custom TLS certificate instead of using
the certificate which is automatically created by the operator. For this purpose you need:
- PEM encoded root certificate ca.crt
- PEM encoded client certificate tls.crt
- PEM encoded client key tls.key
Procedure
-
Convert the content of each of these PEM information to base64. Example shows how to do it for
root certificate.
cat ca.crt | base64 > ca.crt.base64
-
Switch to the project of your Informix installation - we are using "zen" as example here.
-
Next is to identify the secret that shall be edited.
oc get secret | grep informix-tls
-
If you have more than one Informix cluster running in your project you will need to pick the
correct one - we are using "informix-0123456789012345" as example here.
Now you can edit the secret and put the base64 encoded parts of your TLS certificate into the
according keys ca.crt, tls.crt and tls.key of the secret:
oc edit secret informix-0123456789012345-informix-tls
-
The certificate change will be effective on the next Informix server boot. You can use the
method described in Restarting the Informix cluster to do this.