Bringing back your original CA Certificate

You can bring back your previous CA certificate.

Complete these steps:

  1. If you added BYOCACertificate: true in the spec section of the CommonService, remove the entry from the CR. For more information, see Bring your own CA Certificate.

  2. If you have the foundational services self-signed CA certificate resource, delete it.

     oc delete certificate cs-ca-certificate -n <your-foundational-services-namespace>
    
  3. If you have the foundational services issuer, delete it.

     oc delete issuer cs-ss-issuer -n <your-foundational-services-namespace>
    
  4. Delete the foundational services self-signed CA certificate secret.

     oc delete secret cs-ca-certificate-secret -n <your-foundational-services-namespace>
    
  5. Restart the ibm-common-service-operator pod.

    1. Get the ibm-common-service-operator pod name.

       oc get pod -n <your-foundational-services-namespace> | grep ibm-common-service-operator
      
    2. Delete the pod.

       oc delete pod <ibm-common-service-operator-pod-name> -n <your-foundational-services-namespace>
      

After about 3 minutes, check whether the IBM Common Service Operator re-created the cs-ca-certificate and cs-ca-certificate-secret resources.