Establish secure LDAPS connections with self-signed certificates to protect the confidential data.
About this task
IBM Data Cataloging supports LDAPS domain connections with LDAP servers that are deployed with trusted (CA signed) certificates. To use self-signed certificates, you need to add the self-signed certificate to the trusted certificates list of the IBM Data Cataloging keystone pod.
Procedure
- Ensure that the cacerts directory exists in the following path, which is accessible to the keystone pod:
/opt/ibm/metaocean/data/keystone/cacerts/
If the directory is not available, create it by running the following command:
oc -n ibm-data-cataloging exec deployment/isd-keystone -- mkdir -p /opt/ibm/metaocean/data/keystone/cacerts
Then, retrieve the keystone pod name and copy the self-signed certificate to the directory:
KEYSTONE_POD=$(oc -n ibm-data-cataloging get pod -o jsonpath='{.items[0].metadata.name}' -l role=keystone)
oc -n ibm-data-cataloging cp cert.crt $KEYSTONE_POD:/opt/ibm/metaocean/data/keystone/cacerts/cert.crt
- Update the trusted certificates within the keystone pod by running the following command:
oc -n ibm-data-cataloging exec deployment/isd-keystone -- /update-cacerts.sh
- Restart the keystone pod to apply the changes by executing the following command; the deployment recreates the pod automatically:
oc -n ibm-data-cataloging delete pod -l role=keystone
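The three steps above wrapped in one script, as an added example that is not IBM's own tooling: it checks that the file is a PEM certificate before anything is copied, confirms the copy landed inside the pod before the trust store is rebuilt, and waits for the replacement pod to become ready. The namespace, deployment, label and paths are the procedure's own; the PEM check, the `test -s` verification and the `oc rollout status` wait are assumptions added here.

```shell
#!/bin/sh
# Added example (not IBM's own tooling): the LDAPS self-signed certificate
# procedure as one script. Assumptions beyond the documented steps: the
# certificate file is PEM-encoded (a DER .crt must be converted first), the
# oc CLI is already logged in, and the rollout wait at the end.
set -eu

NAMESPACE="ibm-data-cataloging"
DEPLOYMENT="deployment/isd-keystone"
POD_LABEL="role=keystone"
CACERTS_DIR="/opt/ibm/metaocean/data/keystone/cacerts"

# Number of PEM certificate blocks in a file (0 for DER, PKCS#12 or garbage).
# CR characters are stripped so a file saved on Windows is counted correctly.
pem_cert_count() {
  tr -d '\r' < "$1" | grep -c '^-----BEGIN CERTIFICATE-----$' || true
}

# Succeed only for a readable file holding at least one PEM certificate whose
# BEGIN/END markers are balanced; anything else is rejected before oc cp runs,
# so an empty, truncated or wrongly encoded file never reaches the trust store.
validate_pem_cert() {
  cert="$1"
  [ -r "$cert" ] || return 1
  begins=$(pem_cert_count "$cert")
  ends=$(tr -d '\r' < "$cert" | grep -c '^-----END CERTIFICATE-----$' || true)
  [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# Destination path inside the pod, keyed on the local file name so certificates
# for several LDAP servers can sit side by side in cacerts/.
cacert_dest_path() {
  printf '%s/%s\n' "$CACERTS_DIR" "$(basename "$1")"
}

install_ldaps_cacert() {
  cert="$1"
  if ! validate_pem_cert "$cert"; then
    echo "refusing to install $cert: not a PEM certificate file" >&2
    return 1
  fi
  dest=$(cacert_dest_path "$cert")

  # Step 1: make sure the cacerts directory exists, then copy the certificate in.
  oc -n "$NAMESPACE" exec "$DEPLOYMENT" -- mkdir -p "$CACERTS_DIR"
  pod=$(oc -n "$NAMESPACE" get pod -o jsonpath='{.items[0].metadata.name}' -l "$POD_LABEL")
  oc -n "$NAMESPACE" cp "$cert" "$pod:$dest"
  # Confirm the copy actually landed (non-empty file) before rebuilding the trust store.
  oc -n "$NAMESPACE" exec "$DEPLOYMENT" -- test -s "$dest"

  # Step 2: rebuild the pod's trusted certificate list.
  oc -n "$NAMESPACE" exec "$DEPLOYMENT" -- /update-cacerts.sh

  # Step 3: delete the pod; the deployment recreates it with the new trust
  # store, and rollout status waits until the replacement is ready.
  oc -n "$NAMESPACE" delete pod -l "$POD_LABEL"
  oc -n "$NAMESPACE" rollout status "$DEPLOYMENT"
}

# Usage: install_ldaps_cacert /path/to/ldap-server.crt
```

Run the function once per LDAP server certificate; because the destination name follows the local file name, naming each file after its server (for example ldap01.crt) keeps the certificates distinguishable in cacerts/ later.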