Legacy platform

Submitting SSL certificate updates on the legacy platform

As part of implementing your IBM® Sterling Order Management System service and your ongoing operations, you are responsible for purchasing and renewing any required SSL certificate for all of your environments. When you purchase or renew a certificate, you must send the certificate to IBM for installation within your environments.

Before you begin

Determine the certificate (SAN/DNS) names and organizational information that you need for requesting and purchasing your SSL/TLS certificates.


  1. Open a service request ticket within the IBM Support Portal to create a certificate signing request (CSR).
    As part of opening your ticket, provide the following information:
    • Organizational Unit
    • Organization
    • Locality
    • State
    • Country
    • Email
    • Key Length: 2048-bits
    • Certificate Signature Algorithm: SHA-256 with RSA
    • The URL and domain that you intend to use for your storefront.
  2. Submit your ticket.
    IBM generates a certificate signing request (CSR) based on the information that you included in the ticket and updates your ticket to include the generated certificate signing request.
  3. Use the certificate signing request to purchase your certificate and send the request to your certificate authority (CA) for signing.
  4. When you obtain your signed certificate, open another service request ticket to have IBM install the SSL certificate.
    For any certificates that you need imported to the environment, provide IBM documentation about the location where the certificate needs to be imported, such as the cell or node level, and indicate the associated truststore. Include any screen captures where appropriate.

    To provide the certificate to IBM, you must upload the certificate to the Vault server that is set up for you to use for your IBM Sterling Order Management System by IBM.

  5. After the certificate is installed, IBM updates your ticket to confirm the installation.
  6. Create DNS records in your own name space to match the names in your certificate.
    Each DNS record must be CNAME record instead of an "A" record. The CNAME record points to the appropriate IP address within the IBM Sterling Order Management System name space. For instance, a CNAME record that points to your production environment store can resemble the following record
    DNS/Certificate name Type Origin host 
    storewebsite.mydomain.com CNAME cust-live.prod.coc.ibmcloud.com 
  7. Create a service request and upload the certificate into the request to update the certificate for the web server.