Enable SSL in OMEnvironment

Before you begin

You must already have a certificate that was created for the domain.

An ingress controller is installed on the cluster. This procedure refers to the nginx ingress controller, but it also works for other ingress controllers such as Traefik. For more information, see the nginx ingress controller documentation: Installation Guide and Docker development YouTube series.

Ensure that you have installed the IBM® Sterling Order Management System Software Operator.

Procedure

  1. Create the keystore from the certificate with the following command:
    openssl pkcs12 -export -in <certificate file> \
    -inkey <certificate key> \
    -out tls.p12 \
    -name <yourdomain> \
    -CAfile <CA file>
  2. Create the ingress TLS secret with the SSL certificate. This TLS secret is used for ingress traffic from the client to the controller.
    kubectl create secret tls ingress-secret \
        --namespace <your namespace> \
        --key tls.key \
        --cert tls.crt
    
    Note: If you do not want to use the default certificate, you can add your own certificate by creating a secret from it and setting that secret's name in common.ingress.ssl.identitySecretName.
  3. Create a configMap by using additionalMounts as explained in Configuring additionalMounts parameter.
  4. Pass the configMap in your OMEnvironment yaml file.
  5. Deploy the OMEnvironment instance with the following configuration:
    # (truncated)
    # ...
    
    common:
        ingress:
          host: <your domain>
          ssl:
            # enable SSL
            enabled: true
            # this is the secret created in the earlier step
            identitySecretName:  ingress-secret
    
    security:
        ssl:
          trust:
            # this is the `tls.p12` file you created in the earlier step
            storeLocation: /shared/tls.p12
            storeType: PKCS12
    
    # ...
    # (truncated)
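
A pre-flight check for the files used in steps 1, 2 and 5, given here as an added example that is not part of the original procedure or of IBM's tooling: it confirms that the private key, the certificate and the `tls.p12` keystore all hold the same key pair, that the certificate covers the ingress host, and that it is not about to expire. The host `oms.example.test`, the keystore password `changeit`, the function names and the self-signed sample material are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before creating ingress-secret and mounting tls.p12.

# Each helper prints the PEM public key of its input (nothing on error).
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
p12_pub()  { # $1 = keystore, $2 = keystore password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -pubkey 2>/dev/null
}

# Returns 0 only if key, certificate, keystore and ingress host all agree.
check_tls_material() { # $1 cert, $2 key, $3 p12, $4 p12 password, $5 ingress host
  local c k p
  c=$(cert_pub "$1"); k=$(key_pub "$2"); p=$(p12_pub "$3" "$4")
  [ -n "$c" ] || { echo "cannot read certificate $1" >&2; return 1; }
  [ "$c" = "$k" ] || { echo "private key does not match certificate" >&2; return 1; }
  [ "$c" = "$p" ] || { echo "keystore is unreadable or holds another certificate" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkhost "$5" | grep -q 'does match' ||
    { echo "certificate does not cover host $5" >&2; return 1; }
  # 2592000 seconds = 30 days
  openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null ||
    { echo "certificate expires within 30 days" >&2; return 1; }
}

# Constructed sample material: a self-signed certificate for a made-up host,
# the keystore built as in step 1 (no CA file, since it is self-signed),
# and an unrelated key to show the mismatch case.
make_sample() { # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=oms.example.test" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null &&
  openssl pkcs12 -export -in "$1/tls.crt" -inkey "$1/tls.key" \
    -name oms.example.test -out "$1/tls.p12" -passout pass:changeit &&
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_tls_material "$demo_dir/tls.crt" "$demo_dir/tls.key" "$demo_dir/tls.p12" \
  changeit oms.example.test && echo "OK: key, certificate, keystore and host agree"
check_tls_material "$demo_dir/tls.crt" "$demo_dir/other.key" "$demo_dir/tls.p12" \
  changeit oms.example.test || echo "Rejected: wrong key detected before deployment"
rm -rf "$demo_dir"
```

With real files, call `check_tls_material` with your own certificate, key, keystore, keystore password and the value you set for `common.ingress.host`.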
    

What to do next

After the deployment is completed, access the application ingresses in the browser and check the following points:

  • The applications are accessible.
  • Click the lock icon in the URL bar to check whether the correct certificate is shown.