IBM Cloud Pak foundational services Certificate management
All certificates that are required by IBM Cloud Pak® foundational services are created during deployment by using certificate manager (cert-manager). A common CA issuer is created from a self-signed CA certificate (certificate authority) and leaf certificates are created by individual common services from the common CA issuer. Cert-manager automatically refreshes individual certificates. The CA certificate used by foundational services has a default duration of 2 years. Cert-manager will automatically refresh the CA certificate and the ibm-cert-manager-operator will automatically refresh the leaf certificates created from the CA certificate. You can customize the duration of the CA certificate based on the certification rotation schedule.
- Foundational services cert-manager and community cert-manager version mapping
- Accessing the foundational services endpoint certificate
- Replacing the foundational services endpoint certificate (version 3.6.4 and later)
- Replacing the foundational services endpoint certificate (version 3.6.3 and earlier)
- Refreshing foundational services internal certificates
- IBM Certificate manager (cert-manager)
- Refreshing leaf certificates