Replacing default keys and certificates
IBM Cloud Pak® for Integration automatically generates a set of default keys and certificates which it uses during the initial installation. You can replace the defaults with keys and certificates generated by the user.
This is especially useful in cases where you see an error, such as a browser certificate warning.
IBM Cloud Pak for Integration employs the TLS protocol to secure communications between the Cloud Pak for Integration instance (IBM Cloud Pak Platform UI) and any browser the user employs to access it. TLS is also used in communications between the Cloud Pak for Integration module and any other capability modules installed in the cluster using IBM Cloud Pak Platform UI instance, such as App Connect.
You will need access to the keys and certificates you want to use for this purpose. Note that the CA domain specified in the configuration file (config.yaml) used when the cluster was created must be the same as the CA domain of the certificate you are using. This also needs to match the DNS names used for all endpoints used by Cloud Integration Platform and all endpoints used by any deployed capabilities.
These keys must reside in a location accessible to the kubectl command of your cluster. You will use this command to create the necessary TLS Secret employed here.
Installing user certificates on a new cluster
IBM Cloud Pak for Integration uses the keys generated automatically by Red Hat. See Default certificates.
Once the installation of IBM Cloud Pak for Integration has completed, you can then modify the installation to employ the certificates you want. Follow the instructions given in the next section to accomplish this task.
Updating Red Hat certificates on an existing cluster
IBM Cloud Pak for Integration uses the keys generated automatically by Red Hat. See Update certificates.
Using custom hostnames and certificates
You can customize the hostname and certificates for IBM Cloud Pak Platform UI. See Using custom hostnames and certificates.