Using custom certificates
Learn how to use a custom certificate for License Service API over https.
Configuring a custom certificate for License Service
To configure a custom certificate for License Service communication, complete the following steps:
-
Change the certificate name to
tls.crt
. -
Change the name of the key to
tls.key
. -
Run the following command to change the directory to where the certificate and the key are stored:
cd <certificate_directory>
-
Create a secret by using the following command:
licensingNamespace=$(oc get pods --all-namespaces | grep "ibm-licensing-service-" | awk {'print $1'}) kubectl create secret tls ibm-licensing-certs --key tls.key --cert tls.crt -n ${licensingNamespace}
-
Edit the IBMLicensing custom resource to include the certificate. Add the following parameters to the
IBMLicensing
section, underspec
:-
To enable the
https
connection, add the following line:httpsEnable: true
-
To apply the custom certificate that you created in step 4 as
ibm-licensing-certs
, add the following line:httpsCertsSource: custom
For example:
apiVersion: operator.ibm.com/v1alpha1 kind: IBMLicensing metadata: name: instance spec: httpsEnable: true httpsCertsSource: custom
-
When you change or replace a Custom Certificate to get the new Certificate, applied to the License Service, make sure to delete the ibm-licensing-operator-xxxx
pod. This operation forces restart of the License Service with updated
certificate.