Maximo Application Suite
Customer-managed

Configuring certificate authority certificates

If the service that you are connecting to uses the transport layer security (TLS) communication protocol and is not secured with a certificate that is issued by a certificate authority (CA) that is trusted by default by Maximo® Application Suite, you must provide the certificate of the CA that issued the service's certificate. Since the CA might use intermediate CAs, you can provide more than one certificate.

If you configured trustDefaultCAs to false in the custom resource (CR), you must provide the CA for each service that you are connecting to.

About this task

Services that Maximo Application Suite might connect to include, MongoDB, Kafka, Db2®, Watson Studio, Object Storage and SMTP. For more information, see Prerequisite software.

For each certificate that you provide, the following details are displayed:
  • The name of the certificate issuer.
  • The name of the subject, such as the organization, that the certificate is issued to.
  • The start and end dates of the certificate's validity period. If the validity of any certificate that you provide expires soon, a warning message appears.

Procedure

You can automatically retrieve or manually add certificates.

  1. Automatically retrieving certificates

    In the certificates section, click Retrieve. If the connection credentials that you specify are correct, all CA certificates that are configured on the server are automatically retrieved and displayed.

    These certificates are not validated. Verify that only the correct certificates are retrieved and remove any unexpected certificates.

    After you retrieve certificates, you can manually add more certificates.

  2. Manually adding certificates

    In the certificates section, click Add manually and specify the following values for each certificate that you want to add:

    • Alias

      An alphanumeric identifier that is between 3 and 50 characters long.

    • Certificate content

      The content of a certificate file in either the X.509 or PEM formats.