Using custom certificates
Learn how to use a custom certificate for the License Service API over HTTPS.
Configuring a custom certificate for License Service
To configure a custom certificate for License Service communication, complete the following steps:
1. Change the certificate name to tls.crt.
2. Change the name of the key to tls.key.
3. Run the following command to change the directory to where the certificate and the key are stored:

       cd <certificate_directory>

4. Create a secret by using the following command:

       # Namespace of the first License Service pod that is found
       licensingNamespace=$(oc get pods --all-namespaces | grep "ibm-licensing-service-" | awk '{print $1}' | head -n 1)
       kubectl create secret tls ibm-licensing-certs --key tls.key --cert tls.crt -n "${licensingNamespace}"

5. Edit the IBMLicensing custom resource to include the certificate. Add the following parameters to the IBMLicensing section, under spec:
   - To enable the https connection, add the following line:

         httpsEnable: true

   - To apply the custom certificate that you created in step 4 as ibm-licensing-certs, add the following line:

         httpsCertsSource: custom

   For example:

       apiVersion: operator.ibm.com/v1alpha1
       kind: IBMLicensing
       metadata:
         name: instance
       spec:
         httpsEnable: true
         httpsCertsSource: custom

6. When you change or replace a custom certificate, delete the ibm-licensing-operator-xxxx pod so that the new certificate is applied to License Service. This operation forces a restart of License Service with the updated certificate.
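
A pre-flight check that can be run in the certificate directory before the secret is created in step 4, as an added example that is not part of the product documentation: it confirms that tls.crt parses as a PEM certificate, that tls.key loads without a passphrase and belongs to that certificate, and that the certificate is not about to expire. The function name check_tls_pair, its exit codes and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the product documentation): validate tls.crt and
# tls.key before they are stored in the ibm-licensing-certs secret.
# check_tls_pair, its exit codes and the 30-day default are assumptions.
#
# Usage: check_tls_pair <cert> <key> [min_days_valid]
# Exit:  0 ok | 1 bad certificate | 2 bad or encrypted key
#        3 key does not match certificate | 4 certificate expires too soon
check_tls_pair() (
  # The body runs in a subshell, so variables stay local and "exit" only
  # ends the function, not the calling shell.
  cert=$1; key=$2; min_days=${3:-30}

  # The certificate must parse as PEM-encoded X.509.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "$cert: not a readable PEM certificate" >&2; exit 1; }

  # The key must load with an empty passphrase; "-passin pass:" stops
  # openssl from prompting when the key is encrypted.
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
    echo "$key: unreadable or passphrase-protected private key" >&2; exit 2; }

  # Both commands print the public key as PEM, so equal text means the
  # private key belongs to the certificate.
  [ "$cert_pub" = "$key_pub" ] || {
    echo "$key does not match $cert" >&2; exit 3; }

  # -checkend fails if the certificate expires within the given seconds.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
    >/dev/null 2>&1 || {
    echo "$cert expires within $min_days days" >&2; exit 4; }

  echo "$cert and $key: OK"
)

# Run directly as: sh check_tls_pair.sh tls.crt tls.key 30
if [ "$#" -ge 2 ]; then
  check_tls_pair "$@"
fi
```

A non-zero exit code identifies which check failed, so the script can gate the `kubectl create secret tls` command in an automated rollout.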