Bringing back your original CA Certificate
You can bring back your previous CA certificate.
Complete these steps:
-
If you added
BYOCACertificate: true
in thespec
section of theCommonService
, remove the entry from the CR. For more information, see Bring your own CA Certificate. -
If you have the foundational services self-signed CA certificate resource, delete it.
oc delete certificate cs-ca-certificate -n <your-foundational-services-namespace>
-
If you have the foundational services issuer, delete it.
oc delete issuer cs-ss-issuer -n <your-foundational-services-namespace>
-
Delete the foundational services self-signed CA certificate secret.
oc delete secret cs-ca-certificate-secret -n <your-foundational-services-namespace>
-
Restart the
ibm-common-service-operator
pod.-
Get the
ibm-common-service-operator
pod name.oc get pod -n <your-foundational-services-namespace> | grep ibm-common-service-operator
-
Delete the pod.
oc delete pod <ibm-common-service-operator-pod-name> -n <your-foundational-services-namespace>
-
After about 3 minutes, check whether the IBM Common Service Operator re-created the cs-ca-certificate
and cs-ca-certificate-secret
resources.