Configuring a custom Secure Sockets Layer (SSL) certificate

You can configure an SSL certificate to encrypt your organization's data exchanged between the browser and the IBM® DevOps Velocity (Velocity) application.

You must have completed the following tasks:
  • Ensured that the OpenShift cluster is set up on the host system and have sufficient cluster-level permission.
  • Installed Helm on the OpenShift cluster. See Installing Helm.
  • You must have created an SSL certificate and got the key.pem and certificate.crt file.

The helm install will automatically create a self-signed certificate and it is stored in a default TLS secret with the name Velocity-tls to match the OpenShift route. You can update the self-signed certificate with a custom SSL certificate if you have an SSL certificate by a trusted Certifying Authority (CA). To update a custom SSL certificate you must create a secret in the OpenShift cluster by following the steps in this task and you can provide the name of the new secret that you created for the tls.secret parameter in the helm install command during installation.

  1. If you don't have an SSL certificate you can generate an OpenSSL certificate and get the certificate.crt and key.pem files. To create an OpenSSL certificate perform any of the following steps:
    • On the Linux operating system, run the following command in command line to create the certificate and key.
      openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.crt

      The certificate.crt and key.pem files will be created in the directory from which you ran the command.

    • On the Windows operating system, run the following command in Git to create the certificate and key. 
      openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.crt

      Git creates the certificate.crt and key.pem files in Program Files\Git\usr\bin directory.

  2. Navigate to the directory where the certificate.crt and key.pem files are available and run the following command:
    kubectl create -n <custom_namespace_name> secret tls velocity-custom-tls --key <key.pem> --cert <certificate.crt>
    The following message is displayed: secret/velocity-custom-tls created.