Additional CA certificates
If your IBM TRIRIGA Application Suite instance needs to integrate with external servers over TLS, you can provide additional CA certificates using the truststores.truststore-mgr.ibm.com/v1 API. You can use the truststores.truststore-mgr.ibm.com/v1 API to import any certificates that are required for single sign-on (SSO).
Note: You can use the
truststores.truststore-mgr.ibm.com/v1 API to import any
certificates that are required for single sign-on (SSO).
cat <<EOF | oc create -f -
apiVersion: truststore-mgr.ibm.com/v1
kind: Truststore
metadata:
name: my-tas-truststore
spec:
license:
accept: true
includeDefaultCAs: true
servers:
- "google.com:443"
- "ibm.com:443"
certificates:
- alias: alias_1
crt: |
-----BEGIN CERTIFICATE-----
...
Certificate 1
...
-----END CERTIFICATE-----
...
- alias: alias_n
crt: |
-----BEGIN CERTIFICATE-----
...
Certificate n
...
-----END CERTIFICATE-----
EOF
A secret with the same name of the Truststore CR is generated when it is processed by the operator. This secret holds the generated keystore in jks and p12 formats.