IBM Cloud Pak foundational services Certificate management

All certificates that are required by IBM Cloud Pak® foundational services are created during deployment by using certificate manager (cert-manager). A common CA issuer is created from a self-signed CA certificate (certificate authority) and leaf certificates are created by individual common services from the common CA issuer. Cert-manager automatically refreshes individual certificates. The CA certificate used by foundational services has a default duration of 2 years. Cert-manager will automatically refresh the CA certificate and the ibm-cert-manager-operator will automatically refresh the leaf certificates created from the CA certificate. You can customize the duration of the CA certificate based on the certification rotation schedule.

• Foundational services cert-manager and community cert-manager version mapping
• Accessing the foundational services endpoint certificate
• Replacing the foundational services endpoint certificate (version 3.6.4 and later)
• Replacing the foundational services endpoint certificate (version 3.6.3 and earlier)
• Refreshing foundational services internal certificates
• IBM Certificate manager (cert-manager)
• Refreshing leaf certificates