Using custom certificates

Learn how to use a custom certificate for License Service API over https.

To configure a custom certificate for License Service communication, complete the following steps:

1. Change the certificate name to tls.crt.

2. Change the name of the key to tls.key.

3. Run the following command to change the directory to where the certificate and the key are stored:

   cd <certificate_directory>
   

4. Create a secret by using the following command:

   licensingNamespace=$(oc get pods --all-namespaces | grep "ibm-licensing-service-" | awk {'print $1'})
   kubectl create secret tls ibm-licensing-certs --key tls.key --cert tls.crt -n ${licensingNamespace}
   

5. Edit the IBMLicensing custom resource to include the certificate. Add the following parameters to the IBMLicensing section, under spec:

   • To enable the https connection, add the following line:

   httpsEnable: true
   

   • To apply the custom certificate that you created in step 4 as ibm-licensing-certs, add the following line:

   httpsCertsSource: custom
   

   For example:

   apiVersion: operator.ibm.com/v1alpha1
   kind: IBMLicensing
   metadata:
     name: instance
   spec:
     httpsEnable: true
     httpsCertsSource: custom
   

When you change or replace a Custom Certificate to get the new Certificate, applied to the License Service, make sure to delete the ibm-licensing-operator-xxxx pod. This operation will force restart of License Service with updated certificate.