We had the same issue a couple years ago when first insall MAS, I had suggested/requested IBM MAS to use '-' instead '.' to construct their URLs like everyone else does. It (dot in URL) really created unnecessary complexity in certs, network load balancer config etc.
------------------------------
Jiang Monge
GM
------------------------------
Original Message:
Sent: 01-23-2024 13:43
From: Eric Burkland
Subject: TLS/SSL Certificate Management with MAS/Manage
So figured out the problem with the help of IBM and goDaddy. Issue is our standard wildcard certificate which we have used for many years won't work with Maximo Application Suite. This is because Maximo application suite and other products (i.e. Manage) have URLs which are 4/5/6 level subdomains deep. We ended up purchasing a certificate which allows for Subject Alternative Names (SAN).
BTW each instance of maximo requires 5 SANs if you are using just core and Manage. If you install other products it is likely even more.
Cheers!
Eric
------------------------------
Eric Burkland
San Diego County Water Authority
Original Message:
Sent: 01-17-2024 19:14
From: Eric Burkland
Subject: TLS/SSL Certificate Management with MAS/Manage
Good Afternoon,
Does anyone have any good step-by-step instructions for how to manage TLS/SSL Certificates in Maximo Application Suite/Manage. In Maximo Asset Management 7.6.1 it's pretty straight forward with IBM Key Manager. App Suite it's all done within OpenShift and IBM's documentation is confusing.
We currently use a wildcard cert *.domain.com signed by goDaddy. I assume that a wildcard cert such as the one we have covers all subdomains
Here is an example of a MAS Admin Dashboard URL https://auth.masdmo.apps.oc.domain.com/
I've followed Manual certificate management
| Ibm | remove preview |
| | Manual certificate management | | When you configure the suite, you can enable manual certificate management to upload your public transport layer security (TLS) certificates in Maximo Application Suite. After you enable certificate management, you can add certificates by adding secrets to your cluster in Red Hat OpenShift or by uploading certificates for your instance in the Maximo Application Suite user interface. | | View this on Ibm > |
|
|
To see if I could manually add the certificates and it looks like it added them but it is still saying the connection isn't secure. I'm wondering if my issue is the server doesn't recognize goDaddy as a trusted CA.
Any information would be appreciated.
#MaximoApplicationSuite
------------------------------
Eric Burkland
San Diego County Water Authority
------------------------------