Custom TLS certificate

You may want to use your own TLS certificate for the encryption of database connections.

About this task

This section describes the steps necessary to install a custom TLS certificate instead of using the certificate which is automatically created by the operator. For this purpose you need:
  • PEM encoded root certificate ca.crt
  • PEM encoded client certificate tls.crt
  • PEM encoded client key tls.key

Procedure

  1. Convert the content of each of these PEM information to base64. Example shows how to do it for root certificate.
    cat ca.crt | base64 > ca.crt.base64
  2. Switch to the project of your Informix installation - we are using "zen" as example here.
    oc project zen
  3. Next is to identify the secret that shall be edited.
    oc get secret | grep informix-tls
  4. If you have more than one Informix cluster running in your project you will need to pick the correct one - we are using "informix-0123456789012345" as example here.

    Now you can edit the secret and put the base64 encoded parts of your TLS certificate into the according keys ca.crt, tls.crt and tls.key of the secret:

    oc edit secret informix-0123456789012345-informix-tls
  5. The certificate change will be effective on the next Informix server boot. You can use the method described in Restarting the Informix cluster to do this.