Creating a secret

You must create a secret for S3 targets that use a self signed certificate before you create a backup storage location.

Whenever you create a backup storage location for S3 compliant storage, you have the option to specify a certificate to authenticate the connection.

1. Extract the certificate from an S3 compliant service to a file. Use the openssl command to extract the certificate into the file tls.crt.
   Note: Ensure that the file name must be tls.crt.

   openssl s_client -connect <s3-service-name>-<s3-service-namespace>.apps.<fusion-hostname>.<domainname>:443 -showcerts \
    | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > tls.crt

   For example, use the openssl command to extract the certificate from the minio service in the minio-ns namespace on a IBM Storage Fusion cluster.

   openssl s_client -connect minio-minio-ns.apps.myfusionhostname.mydomain:443 -showcerts \
    | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > tls.crt

2. Run the oc command to create a generic secret in the IBM Storage Fusion namespace using the tls.crt file.

   oc create secret generic <secret-name> --type=opaque --from-file=tls.crt -n <fusion-namespace>

   For example, in the default IBM Storage Fusion namespace ibm-spectrum-fusion-ns.

   oc create secret generic minio-cert-secret --type=opaque --from-file=tls.crt -n ibm-spectrum-fusion-ns

   Note: Make a note of this secret name. You need it to create a backup storage location.