How To
Summary
The Cloud Pak for Security domain is provided at installation time and requires a TLS certificate to allow access to the Cloud Pak for Security web console. If a Cloud Pak for Security platform is not installed on one of the following environments, then a unique FQDN for the Cloud Pak for Security platform must be created.
Objective
How to:
- Display the certificate from within the secret to the console in text format.
- Extract from secret the certificate file and key for the Cloud Pak for Security domain.
Environment
IBM Cloud®
Amazon Web Services (AWS)
Microsoft Azure
Amazon Web Services (AWS)
Microsoft Azure
VMware (VSphere)
Required:
- Red Hat OpenShift CLI command-line tool
- OpenSSL tool
Steps
Option 1: Display the certificate from within the secret to the console in text format
- Display the name of the keys in the secret:
oc describe secret isc-ingress-default-secret -n YOUR-CP4S-NAMESPACE-HERE
EXAMPLE OUTPUT:Name: isc-ingress-default-secret Namespace: cp4s Labels: app.kubernetes.io/instance=isc-ingress-default-secret app.kubernetes.io/managed-by=ibm-security-solutions-prod app.kubernetes.io/name=isc-ingress-default-secret Annotations: <none> Type: kubernetes.io/tls Data ==== tls.crt: 4320 bytes tls.key: 1678 bytes
tls.crt
andtls.key
. - Display the contents of the certificate within the secret:
oc extract secret/isc-ingress-default-secret -n YOUR-CP4S-NAMESPACE-HERE --keys tls.crt --to - | openssl x509 -noout -text
tls.crt
key.
EXAMPLE OUTPUT:# tls.crt Certificate: Data: Version: 3 (0x2) Serial Number: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 Signature Algorithm: sha384WithRSAEncryption Issuer: C = AT, O = CertIssuerCo, CN = CertsIssuerCoRSA Domain Secure Site CA Validity Not Before: Oct 30 00:00:00 2021 GMT Not After : Jan 28 23:59:59 2023 GMT Subject: CN = your.cp4s-domain.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 01:01:01:01:01:01:01:01:01:01:01:01:01:01:01:01:01:01:01
Option 2: Extract the certificate and key from the secret
- Extract the keys in the secret to files to the current present working directory.
oc extract secret/isc-ingress-default-secret -n YOUR-CP4S-NAMESPACE-HERE
- Files are created with names
tls.crt
andtls.key
NOTE: Extracting the keys from the secret creates files of the same name.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m0z0000001js1AAA","label":"Openshift"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.7.2;and future releases"}]
Was this topic helpful?
Document Information
Modified date:
10 March 2022
UID
ibm16416009