IBM Cloud Pak for Security


CP4S IBM Cloud installation - Where to find cert.crt and cert.key

  • 1.  CP4S IBM Cloud installation - Where to find cert.crt and cert.key

    Posted Mon October 19, 2020 05:01 PM
    New to the whole OCP, just wondering if you could point me in the right direction.
    Doing an IBM Cloud installation. OCP up and running, at the CP4S installation section and can't seem to find documentation on where to find the following in the OCP Admin or Dev web portal.

    # e.g ./path-to-cert/cert.crt (Required)
    cp4sdomainCertificatePath=""

    ## Path to domain certificate key ./path-to-key/cert.key (Required)
    cp4sdomainCertificateKeyPath=""

    Any help would be appreciated.

    Thx
    H

    ------------------------------
    Harold Bergeron
    ------------------------------


  • 2.  RE: CP4S IBM Cloud installation - Where to find cert.crt and cert.key

    Posted Tue October 20, 2020 11:02 AM
    Hello Harold,

    I'm not a CP4S expert, but I tried on my own too, so I'll share a direction.

    You have to create these files.

    I think this is the information required in the file: inventory/installProduct/files/values.conf

    • cp4sapplicationDomain -> Fully Qualified Domain Name (FQDN) created for the IBM Cloud Pak for Security application
    • cp4sdomainCertificatePath -> Location of the TLS cert associated with the IBM Cloud Pak for Security application domain
    • cp4sdomainCertificateKeyPath -> Location of the TLS key associated with the IBM Cloud Pak for Security application domain
    • cp4scustomcaFilepath -> Location of the custom TLS certificate associated with the IBM Cloud Pak for Security application domain. Only required if using custom or self-signed certificate

    A Fully Qualified Domain Name (FQDN) must be created for CP4S. It must not be the same as the Red Hat OpenShift Container Platform (RHOCP) cluster FQDN, the IBM Cloud Platform Common Services FQDN, or any other FQDN associated with the RHOCP cluster.

    The application FQDN must point to the RHOCP cluster public IP address or hostname.

    I don't know if you generated it with your own PKI (I myself tried using my own lab Red Hat Identity Manager to handle these certificates with my own CA) to get the right files: .cert, .key and my CA.pem.

    I see another interesting related note in the documentation: https://www.ibm.com/support/knowledgecenter/en/SSTDPP_1.4.0/platform/docs/security-pak/tls_certs.html

    Hope this helps,

    Regards,
    Zoldax

    ------------------------------
    Pascal Weber
    -
    Abakus Sécurité
    PARIS
    ------------------------------
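
Added example (not part of the original posts, and not IBM's installer code): one way to create the files the reply describes with OpenSSL and a throwaway lab CA, and to check them before filling in values.conf. The FQDN `cp4s.apps.example.com`, the output directory, the file names and the function names are placeholders; that `cp4scustomcaFilepath` takes the CA certificate is an assumption based on the reply's CA.pem.

```shell
#!/bin/sh
# Added example: lab CA plus a TLS pair for the CP4S application FQDN.
# All names here are placeholders (assumptions), not values from the installer.

# sign <csr> <extension-line> <out-cert> <signing args...>
sign() {
  csr=$1; ext=$2; crt=$3; shift 3
  printf '%s\n' "$ext" > "$crt.ext" &&
  openssl x509 -req -in "$csr" -days 365 -sha256 -extfile "$crt.ext" \
    -out "$crt" "$@" 2>/dev/null
}

make_lab_certs() (   # usage: make_lab_certs <fqdn> <outdir>; runs in a subshell
  fqdn=$1; out=$2
  umask 077                          # private keys readable by the owner only
  mkdir -p "$out" && cd "$out" || exit 1
  # Lab CA: ca.crt is the file assumed for cp4scustomcaFilepath
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Lab CA (constructed)" \
    -keyout ca.key -out ca.csr 2>/dev/null &&
  sign ca.csr 'basicConstraints=critical,CA:TRUE' ca.crt -signkey ca.key &&
  # Server pair: cert.crt and cert.key for the two required paths
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
    -keyout cert.key -out cert.csr 2>/dev/null &&
  sign cert.csr "subjectAltName=DNS:$fqdn" cert.crt \
    -CA ca.crt -CAkey ca.key -CAcreateserial
)

check_cp4s_certs() {   # usage: check_cp4s_certs <fqdn> <cert> <key> <ca>
  fqdn=$1; crt=$2; key=$3; ca=$4
  # 1. The private key must belong to the certificate (compare public keys)
  [ "$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$key" -pubout | openssl sha256)" ] ||
    { echo "key does not match certificate" >&2; return 1; }
  # 2. The certificate must chain to the CA and cover the application FQDN
  openssl verify -CAfile "$ca" -verify_hostname "$fqdn" "$crt" >/dev/null 2>&1 ||
    { echo "certificate fails chain or hostname check" >&2; return 1; }
}
```

After `make_lab_certs cp4s.apps.example.com ./certs`, the values.conf entries would be `./certs/cert.crt`, `./certs/cert.key` and `./certs/ca.crt`; `check_cp4s_certs` works the same way on files issued by an existing PKI.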