When you configure the suite, you can enable manual certificate management to upload your
public transport layer security (TLS) certificates in Maximo® Application Suite. After you
enable certificate management, you can add certificates by adding secrets to your cluster in
Red Hat® OpenShift® or by uploading certificates for your instance in the
Maximo Application Suite user interface.
The following certificates must be available for each application in
Maximo Application Suite:
- tls.crt
- The server certificate to access Maximo Application Suite and the suite
applications.
- tls.key
- The server certificate key for use of the server certificate in Maximo Application Suite.
- ca.crt
- The public certificate of the certificate authority (CA) that authorizes your server
certificate.
You can add a different certificate for each application in Maximo Application Suite. However, the certificate authority must be the same across all applications. For example, if you
have one certificate for Maximo Manage that is signed by your internal CA,
other application certificates must also be signed by the same CA. Alternatively, you can have a
single generated certificate that includes all Subject Alternative Names (SAN).
The following tables provide the Subject Alternative Names (SAN) that you include in your
certificate for Maximo Application Suite applications. If you cannot use wildcards in
your certificate, you must include all endpoints individually.
Use the following environment variables that were defined during installation:
- masdomain
- The domain for your Maximo Application Suite instance is set during installation,
with the option for default values or custom configuration. You can locate the domain in your Red Hat OpenShift cluster in the suite custom resource (CR), specifically in the spec field.
- workspaceid
- The identifier for the unique workspace in which applications are deployed.
If you use a single certificate for
Maximo Application Suite, use the following
Subject Alternative Names:
Table 1. Subject Alternative Names (SAN) with
and without wildcard for a single certificate
| Application |
SAN with wildcards |
SAN without wildcards |
| Maximo Application Suite core |
'*.<masdomain>''*.home.<masdomain>'
|
admin.<masdomain>api.<masdomain>auth.<masdomain>home.<masdomain><workspaceid>.home.<masdomain>
|
| IoT |
'*.iot.<masdomain>''*.messaging.iot.<masdomain>'
In 8.11, the following SAN with wildcards are applicable:
*.edgeconfig.iot.<masdomain>*.edgeconfigapi.iot.<masdomain>
|
<workspaceid>.iot.<masdomain><workspaceid>.messaging.iot.<masdomain>messaging.iot.<masdomain>
In 8.11, the following SAN without wildcards are applicable:
edgeconfig.iot.<masdomain>edgeconfigapi.iot.<masdomain><workspaceid>.edgeconfig.iot.<masdomain><workspaceid>.edgeconfigapi.iot.<masdomain>
|
| Maximo Monitor |
'*.monitor.<masdomain>''*.api.monitor.<masdomain>'
|
admin.monitor.<masdomain>api.monitor.<masdomain><workspaceid>.monitor.<masdomain><workspaceid>.api.monitor.<masdomain>
|
| Maximo
Optimizer |
'*.optimizer.<masdomain>''*.api.optimizer.<masdomain>'
|
<workspaceid>.optimizer.<masdomain><workspaceid>.api.optimizer.<masdomain>
|
| Maximo Manage |
|
<workspaceid>.manage.<masdomain><workspaceid>-all.manage.<masdomain><workspaceid>-cron.manage.<masdomain><workspaceid>-mea.manage.<masdomain><workspaceid>-rpt.manage.<masdomain><workspaceid>-ui.manage.<masdomain>maxinst.manage.<masdomain>
|
| Maximo Health |
|
<workspaceid>.health.<masdomain><workspaceid>-all.health.<masdomain><workspaceid>-cron.health.<masdomain><workspaceid>-mea.health.<masdomain><workspaceid>-rpt.health.<masdomain><workspaceid>-ui.health.<masdomain>maxinst.health.<masdomain>
|
| Maximo Predict |
|
<workspaceid>.predict.<masdomain>predict.<masdomain>
|
| Maximo Assist |
|
<workspaceid>.assist.<masdomain>
|
| Maximo Health and Predict - Utilities |
'*.hputilities.<masdomain>'
|
<workspaceid>.hputilities.<masdomain>
|
| Maximo Visual Inspection |
'*.visualinspection.<masdomain>'
|
<workspaceid>.visualinspection.<masdomain>
|
If you use a certificate for each application in
Maximo Application Suite, use the
following Subject Alternative Names:
Table 2. Subject Alternative Names
(SAN) with and without wildcard for multiple application certificates
| Application |
SAN with wildcards |
SAN without wildcards |
| Maximo Application Suite core |
'*.<masdomain>''*.home.<masdomain>'
|
admin.<masdomain>api.<masdomain>auth.<masdomain>home.<masdomain><workspaceid>.home.<masdomain>
|
| IoT |
*.<masdomain>'*.iot.<masdomain>''*.messaging.iot.<masdomain>'
In 8.11, the following SAN with wildcards are applicable:
*.edgeconfig.iot.<masdomain>*.edgeconfigapi.iot.<masdomain>
|
iot.<masdomain><workspaceid>.iot.<masdomain><workspaceid>.messaging.iot.<masdomain>messaging.iot.<masdomain>
In 8.11, the following SAN without wildcards are applicable:
edgeconfig.iot.<masdomain>edgeconfigapi.iot.<masdomain><workspaceid>.edgeconfig.iot.<masdomain><workspaceid>.edgeconfigapi.iot.<masdomain>
|
| Maximo Monitor |
*.<masdomain>'*.monitor.<masdomain>''*.api.monitor.<masdomain>'
|
monitor.<masdomain>admin.monitor.<masdomain>api.monitor.<masdomain><workspaceid>.monitor.<masdomain><workspaceid>.api.monitor.<masdomain>
|
| Maximo
Optimizer |
*.<masdomain>'*.optimizer.<masdomain>''*.api.optimizer.<masdomain>'
|
optimizer.<masdomain><workspaceid>.optimizer.<masdomain><workspaceid>.api.optimizer.<masdomain>
|
| Maximo Manage |
*.<masdomain>'*.manage.<masdomain>'
|
manage.<masdomain><workspaceid>.manage.<masdomain><workspaceid>-all.manage.<masdomain><workspaceid>-cron.manage.<masdomain><workspaceid>-mea.manage.<masdomain><workspaceid>-rpt.manage.<masdomain><workspaceid>-ui.manage.<masdomain>maxinst.manage.<masdomain>
|
| Maximo Health |
*.<masdomain>'*.health.<masdomain>'
|
health.<masdomain><workspaceid>.health.<masdomain><workspaceid>-all.health.<masdomain><workspaceid>-cron.health.<masdomain><workspaceid>-mea.health.<masdomain><workspaceid>-rpt.health.<masdomain><workspaceid>-ui.health.<masdomain>maxinst.health.<masdomain>
|
| Maximo Predict |
|
<workspaceid>.predict.<masdomain>predict.<masdomain>
|
| Maximo Assist |
*.<masdomain>'*.assist.<masdomain>'
|
assist.<masdomain><workspaceid>.assist.<masdomain>
|
| Maximo Health and Predict - Utilities |
*.<masdomain>'*.hputilities.<masdomain>'
|
hputilities.<masdomain><workspaceid>.hputilities.<masdomain>
|
| Maximo Visual Inspection |
*.<masdomain>'*.visualinspection.<masdomain>'
|
visualinspection.<masdomain><workspaceid>.visualinspection.<masdomain>
|
