Maximo Application Suite
Customer-managed

Disabling default certificate authorities

Starting in Maximo® Application Suite 8.11, you can disable default certificates. Maximo Application Suite provides a built-in set of certificate authority (CA) certificates and by default automatically trusts a certificate if that certificate is issued by one of these CAs. To disable the default CAs that are provided, you can update the custom resource (CR) file for Maximo Application Suite. If you disable the default trust then you need to specifically configure certificates and CAs for all external systems that Maximo Application Suite connects to.

About this task

The trustDefaultCAs variable in the custom resource (CR) is set to True to trust certificates that are issued by one of the default certificate authorities. If the trustDefaultCAs variable is not included in the CR, the use of the default certificate authorities is assumed as True.

To disable and prevent Maximo Application Suite from automatically trusting these default certificate authorities, you must set the trustDefaultCAs variable in the CR is set to False.

Procedure

  1. In the Red Hat® OpenShift® Container Platform console, in the Administration section, select CustomResourceDefinitions.
  2. In the CustomResourcesDefinitions window, select the Suite CR.
  3. In the CustomResourcesDefinitions window, on the Instances tab, select the instance that you want to update.
  4. On the YAML tab for the instance, in the spec.settings section, add or change the trustDefaultCAs variable with the setting of False.
  5. Save the CR changes.

    This update might take a few minutes to process. To validate that the update is applied, check that the setting for the trustDefaultCAs variable in the status.settings section is set to False.

What to do next

You will have to provide the required CA certificates when configuring all TLS connections from Maximo Application Suite to external services.