Exporting the operator root CA key and importing it into an external service

After you import the certificate of the external service into the trust list, if the external service needs to access your component, you must extract the operator root CA certificate and import it to the truststore of the external service.

Procedure

Extract the root CA certificate and import it to the truststore of the external service. By default all components use the shared_configuration.root_ca_secret parameter to store the root CA certificate.

If you are using the default value icp4a-root-ca for the secret name, use the following command to find the root CA certificate.

oc get secret icp4a-root-ca -o template --template='{{ index .data "tls.crt" }}' | base64 --decode > rootCA.crt