In MAS8, there are several types of certificates that are commonly used. Here, some of them are manual and some of them are auto generated.

1. What is the best way to use of Manual (Custom) and auto generated certificates for OCP, MAS Core, Manage, IOT, Monitor, Health and Predict? Does MAS 8 support the combination of both Custom and Auto generated? Does URLs secured if we could use custom certificates generated using utilities?
2. What is the way to find expiration date of other certificates like Mongo, SLS, BAS which got generated automatically? How to renew those certificates? What is the impact MAS8 during renewal of this certificates? 

------------------------------
--------------------------
Best Regards
Ramakrishnudu Kayala
--------------------------
------------------------------

As per my understanding, for question 1, you can create a custom ClusterIssuer to generate "custom" certificates, for instance, non Let'sEncrypt certificates. I'm unsure how you can update which ClusterIssuer to use after installing MAS. 

For question 2, it is managed by the cert-manager and ClusterIssuer, so it will auto-renew the certificates and update the config maps and secrets with the new certs.

------------------------------
Maycon Belfort
Consultant
BPD Zenith
Melbourne
Australia
------------------------------

Original Message:
Sent: Tue March 12, 2024 04:27 AM
From: Ramakrishnudu Kayala
Subject: What is the best way to manage certificates for the Maximo Application Suite?

In MAS8, there are several types of certificates that are commonly used. Here, some of them are manual and some of them are auto generated.

1. What is the best way to use of Manual (Custom) and auto generated certificates for OCP, MAS Core, Manage, IOT, Monitor, Health and Predict? Does MAS 8 support the combination of both Custom and Auto generated? Does URLs secured if we could use custom certificates generated using utilities?
2. What is the way to find expiration date of other certificates like Mongo, SLS, BAS which got generated automatically? How to renew those certificates? What is the impact MAS8 during renewal of this certificates? 

------------------------------
--------------------------
Best Regards
Ramakrishnudu Kayala
--------------------------
------------------------------

Cert-manager (which is opensource) manages all the certs. You have an option to use Let's Encrypt/public, or you can use custom/internal.

1. MAS out of the box (if you don't define a ClusterIssuer for LE or custom certificates) would use self-signed certificates generated and maintained by cert-manager. In general, the out-of-the-box self-signed certs have long expiration period. 

2. All certificates are in Secrets. There are several publicly available certificate decoder services you can use to easily check the expiration dates. There's also command line options to check.

------------------------------
Arif Ali
------------------------------

Original Message:
Sent: Tue March 12, 2024 04:27 AM
From: Ramakrishnudu Kayala
Subject: What is the best way to manage certificates for the Maximo Application Suite?

In MAS8, there are several types of certificates that are commonly used. Here, some of them are manual and some of them are auto generated.

1. What is the best way to use of Manual (Custom) and auto generated certificates for OCP, MAS Core, Manage, IOT, Monitor, Health and Predict? Does MAS 8 support the combination of both Custom and Auto generated? Does URLs secured if we could use custom certificates generated using utilities?
2. What is the way to find expiration date of other certificates like Mongo, SLS, BAS which got generated automatically? How to renew those certificates? What is the impact MAS8 during renewal of this certificates? 

------------------------------
--------------------------
Best Regards
Ramakrishnudu Kayala
--------------------------
------------------------------