Adding SSL certificates for the Cloud

Learn how to add SSL certificates for the Cloud.

About this task

Attention: If you want to use HTTPS to communicate with IBM Cloud Object Storage (COS), you first must retrieve the certificate from the IBM Cloud Object Storage server. Then when you create the cloud URL, you need to set the Certificate Alias to be the certificate alias you created .

To automatically retrieve an IBM Cloud Object Storage CA, complete the following steps:

Procedure

  1. Log in to the TS7700 MI and select theAccess icon on the left side of the panel, and click SSL Certificates.
  2. In the SSL Certificates window, click New Certificate .
  3. In the Add Certificate window, select Retrieve Certificate from server, and press Next. See the following figure:
  4. Then, enter the IP address of your IBM Cloud Object Storage Accessor node (Example, Host: IBM COS Management IP and Port: 443) and click Next, as shown in the following figure:
  5. In the Add Certificate window, enter an alias name. (Example, CloudCertificate1). Press Finish.

    The alias is used later when assigning different URLs to this specific CA, so choose a simple alias name that is memorable.

  6. A window indicating that the certificate has been added successfully will appear. Press close.
  7. Continue with creating the cloud URL.
    Note: When the cloud URL's are being created, use the alias name that was defined above for Certificate Alias.

Manually adding SSL certificates

About this task

When manually uploading the trust of CA through a text file, select the Security menu in IBM Cloud Object Storage Manager and click certificate authority in the System Fingerprint field.

Copy all the text that is displayed in your web browser, including “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”. Paste the text into a simple text editor, and save it as a text file (for example, icos.pem), as shown in the following example:

Contents of the .pem file

-----BEGIN CERTIFICATE-----
MIIF1DCCA7ygAwIBAgIQH4bSWUjefmHgSojBqPd86DANBgkqhkiG9w0BAQ0FADCB kTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGlj
...
IuSo89i55ct0+RL97GEgpQpfVIYgdefK3DNyA+IKgyS7nOntwoRjQ5MXgCWZUeNr LjF0nrBSux8=
-----END CERTIFICATE-----

Next, you must upload the certificate file to the TS7700 by using MI. Complete the following steps:

Procedure

  1. Select Access > SSL certificates.
  2. In the SSL Certificates window, click New Certificate.
  3. In the Add Certificate window, select Upload certificate file and click Next, as shown in the following figure:
    Figure 1. Selecting the Upload certificate file option
  4. Click Upload, select your SSL certificate file (for example, icos.pem), and then, click Next. See the following figure:
    Figure 2. Certificate upload progress
  5. Enter the alias of your internal SSL certificate (for example, CloudCertificate1) and click Finish (see Figure 3. Finishing the upload process). The alias is used later when assigning different URLs to this specific CA, choose a simple alias name that is easy to remember.
    Figure 3. Finishing the upload process