Andrew,
Here are the SANs we have:
*.apps.<OCCLUSTER>
*.home.<MASDOMAIN>.apps.<OCCLUSTER>
*.manage.<MASDOMAIN>.apps.<OCCLUSTER>
*.<MASDOMAIN>.apps.<OCCLUSTER>
manage.<MASDOMAIN>.apps.<OCCLUSTER>
<MASDOMAIN>.apps.<OCCLUSTER>
Whether or not this is correct I can't be sure but we've had no issues.
BTW, if you have other products besides Manage you'd need additional SANs.
For example:
*.predict.<MASDOMAIN>.apps.<OCCLUSTER>
Eric
------------------------------
Eric Burkland
San Diego County Water Authority
------------------------------
Original Message:
Sent: 07-15-2024 10:51
From: Andrew Meuse
Subject: TLS/SSL Certificate Management with MAS/Manage
Hey - was just going down this road and only came up with 3 SANs when looking at Core and Manage in https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=management-manual-certificate
*.masdomain
*.manage.masdomain
*.home.masdomain
I was wondering what the other 2 you used were. Did you use a multi-domain wildcard cert?
Thanks,
Andy
------------------------------
Andrew Meuse
JFC & Associates
Original Message:
Sent: 01-23-2024 13:43
From: Eric Burkland
Subject: TLS/SSL Certificate Management with MAS/Manage
So figured out the problem with the help of IBM and GoDaddy. Issue is our standard wildcard certificate, which we have used for many years, won't work with Maximo Application Suite. This is because Maximo Application Suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep. We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).
BTW each instance of Maximo requires 5 SANs if you are using just Core and Manage. If you install other products it is likely even more.
Cheers!
Eric
------------------------------
Eric Burkland
San Diego County Water Authority
Original Message:
Sent: 01-17-2024 19:14
From: Eric Burkland
Subject: TLS/SSL Certificate Management with MAS/Manage
Good Afternoon,
Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage? In Maximo Asset Management 7.6.1 it's pretty straightforward with IBM Key Manager. In App Suite it's all done within OpenShift and IBM's documentation is confusing.
We currently use a wildcard cert *.domain.com signed by GoDaddy. I assume that a wildcard cert such as the one we have covers all subdomains.
Here is an example of a MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/
I've followed Manual certificate management to see if I could manually add the certificates, and it looks like it added them, but it is still saying the connection isn't secure. I'm wondering if my issue is the server doesn't recognize GoDaddy as a trusted CA.
Any information would be appreciated.
#MaximoApplicationSuite
------------------------------
Eric Burkland
San Diego County Water Authority
------------------------------
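Why the `*.domain.com` wildcard from the original question does not cover the suite's deeper hostnames while the SAN list in the latest reply does, as an added example that is not part of any post in the thread. It assumes `<MASDOMAIN>` is `masdmo` and `<OCCLUSTER>` is `oc.domain.com` (read off the example URL above); the `ws1` and `x.predict` hostnames are constructed for illustration.

```python
# Added example (not from the thread): which SAN covers which hostname.
def san_matches(pattern: str, host: str) -> bool:
    """A '*' counts only as the whole leftmost label and stands for exactly
    one label, so '*.domain.com' never reaches deeper subdomains."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def covering_sans(sans, host):
    """Return every SAN entry in the certificate that covers host."""
    return [s for s in sans if san_matches(s, host)]

# SAN templates exactly as listed in the thread.
SAN_TEMPLATES = [
    "*.apps.<OCCLUSTER>",
    "*.home.<MASDOMAIN>.apps.<OCCLUSTER>",
    "*.manage.<MASDOMAIN>.apps.<OCCLUSTER>",
    "*.<MASDOMAIN>.apps.<OCCLUSTER>",
    "manage.<MASDOMAIN>.apps.<OCCLUSTER>",
    "<MASDOMAIN>.apps.<OCCLUSTER>",
]
# Assumed placeholder values, read off the example URL in the thread.
MAS_DOMAIN, OC_CLUSTER = "masdmo", "oc.domain.com"
SANS = [t.replace("<MASDOMAIN>", MAS_DOMAIN).replace("<OCCLUSTER>", OC_CLUSTER)
        for t in SAN_TEMPLATES]

HOSTS = [
    "auth.masdmo.apps.oc.domain.com",        # from the thread
    "manage.masdmo.apps.oc.domain.com",      # expansion of a listed SAN
    "ws1.manage.masdmo.apps.oc.domain.com",  # constructed hostname
    "x.predict.masdmo.apps.oc.domain.com",   # constructed; needs the extra SAN
]

def report(sans, hosts):
    """Map each hostname to the SAN entries covering it (empty = name mismatch)."""
    return {h: covering_sans(sans, h) for h in hosts}

if __name__ == "__main__":
    for host, hits in report(["*.domain.com"], HOSTS).items():
        print("legacy wildcard", host, "->", hits or "NOT COVERED")
    for host, hits in report(SANS, HOSTS).items():
        print("SAN certificate", host, "->", hits or "NOT COVERED")
```

Running the same check against the names actually present on a deployed certificate shows which route hostnames would still fail with a name mismatch before users hit them.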