Enable SSL in
Before you begin
You must have the certificate that is already created for the domain.
The ingress controller is installed on the cluster. But it works for other ingress controllers
traefik. For more information on
nginx ingress controller
documentations, see Installation Guide and Docker development YouTube series.
Ensure that you have installed the IBM® Sterling Order Management System Software Operator.
- Create the keystore from the certificate with the following command:
openssl pkcs12 -export -in <certificate file> \ -inkey <certificate key> \ -out tls.p12 \ -name <yourdomain> \ -CAfile <CA file>
- Create the ingress TLS secret with the SSL certificate. This TLS secret is used for the
ingress from client to the controller.
kubectl create secret tls ingress-secret \ --namespace <your namespace> \ --key tls.key \ --cert tls.crtNote: If you do not want to use the default certificate, you can add your own certificate by creating the secret from it and using it in the
- Create a configMap by using
additionalMountsas explained in Configuring additionalMounts parameter.
- Pass the configMap in your OMEnvironment yaml file.
- Deploy in
OMEnvironmentinstance with the following command:
# (truncated) # ... common: ingress: host: <your domain> ssl: # enable SSL enabled: true # this is the secret created in the earlier step identitySecretName: ingress-secret security: ssl: trust: # this is the `tls.p12` file you created in the earlier step storeLocation: /shared/tls.p12 storeType: PKCS12 # ... # (truncated)
What to do next
After the deployment is completed, access the application ingresses in the browser and check the following points:
- The applications are accessible.
- Click the lock icon in the URL bar to check whether the correct certificate is shown.