Specifying your own certificate for IBM Cloud Private services
Provide your own certificate to use for authentication of the Image Manager (Docker Registry) and IBM® Cloud Private management ingress.
You can bring your own key (BYOK) to use inside your IBM Cloud Private cluster. Your BYOK certificate key must be exported in PEM (OpenSSL) format. In the subject alternative name (SAN) of your certificate, you must include the CA domain parameter name. Complete the following steps to use an existing certificate.
- Create the cfc-certs/router directory inside your cluster directory.

    mkdir <installation_dir>/cluster/cfc-certs/router

- Rename your existing BYOK to icp-router.key, and copy the key file to the installation directory.

    mv <BYOK_location>/<BYOK> icp-router.key
    cp icp-router.key <installation_dir>/cluster/cfc-certs/router/

- Rename your existing certificate for your BYOK to icp-router.crt, and copy the certificate file to the installation directory.

    mv <BYOK_location>/<BYOK_cert> icp-router.crt
    cp icp-router.crt <installation_dir>/cluster/cfc-certs/router/

- Set the CA domain parameter in the <installation_dir>/cluster/config.yaml file to the CN name of your BYOK.

    cluster_CA_domain: <cn_name_BYOK>

- Install your cluster.
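
A check that can be run on the copied files before the install step, as an added example that is not part of the IBM documentation or tooling. It confirms that both files are PEM, that the certificate belongs to the key, and that the CN and SAN carry the value set in cluster_CA_domain. The function name, return codes and the assumption that the SAN entry is a DNS name are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example, not IBM tooling: pre-install check of the BYOK files.
# Usage: ./check_byok.sh <installation_dir>/cluster/cfc-certs/router <cn_name_BYOK>

check_byok() {
  local dir=$1 domain=$2 cn san
  local key="$dir/icp-router.key" crt="$dir/icp-router.crt"

  [ -r "$key" ] && [ -r "$crt" ] ||
    { echo "icp-router.key or icp-router.crt not found in $dir" >&2; return 1; }

  # PEM format: armor header present and the content parses.
  # "-passin pass:" stops openssl from prompting if the key is encrypted.
  grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" &&
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
    { echo "$key is not a readable PEM private key" >&2; return 2; }
  grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" &&
    openssl x509 -in "$crt" -noout 2>/dev/null ||
    { echo "$crt is not a PEM certificate" >&2; return 2; }

  # The certificate must carry the public half of the private key.
  [ "$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" ] ||
    { echo "certificate does not match the private key" >&2; return 3; }

  # cluster_CA_domain is set to the certificate CN ...
  cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  [ "$cn" = "$domain" ] ||
    { echo "CN is '$cn', expected '$domain'" >&2; return 4; }

  # ... and the same name must be listed in the SAN.
  # Assumption: a DNS entry, compared exactly (wildcards are not expanded).
  san=$(openssl x509 -in "$crt" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1)
  printf '%s\n' "$san" | tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$domain" ||
    { echo "SAN does not contain DNS:$domain" >&2; return 5; }

  echo "OK: key and certificate are usable with cluster_CA_domain: $domain"
}

# Run the check when called with both arguments.
if [ "$#" -eq 2 ]; then check_byok "$1" "$2"; fi
```

A non-zero exit identifies the failing check: 1 missing file, 2 not PEM, 3 key and certificate mismatch, 4 CN mismatch, 5 name absent from the SAN.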