Additional CA certificates

If your IBM TRIRIGA Application Suite instance needs to integrate with external servers over TLS, you can provide additional CA certificates using the truststores.truststore-mgr.ibm.com/v1 API. You can use the truststores.truststore-mgr.ibm.com/v1 API to import any certificates that are required for single sign-on (SSO).

Note: You can use the truststores.truststore-mgr.ibm.com/v1 API to import any certificates that are required for single sign-on (SSO).

cat <<EOF | oc create -f -
apiVersion: truststore-mgr.ibm.com/v1
kind: Truststore
metadata:
    name: my-tas-truststore
spec:
    license:
        accept: true
    includeDefaultCAs: true
    servers:
    - "google.com:443"
    - "ibm.com:443"
    certificates:
    - alias: alias_1 
      crt: |
        -----BEGIN CERTIFICATE-----
        ...
        Certificate 1   
        ...
        -----END CERTIFICATE-----

        ...

    - alias: alias_n 
      crt: |
        -----BEGIN CERTIFICATE-----
        ...
        Certificate n   
        ...
        -----END CERTIFICATE-----
EOF        

A secret with the same name of the Truststore CR is generated when it is processed by the operator. This secret holds the generated keystore in jks and p12 formats.