Enabling SSL in Liberty for IBM Cloud Private

You can enable SSL to secure Liberty servers that run in IBM Cloud Private.

About this task

A minimal level of SSL is enabled by default. To configure secure communications, select one of the following methods, which might depend on whether you run in a development or production environment:
  1. Automatically enable SSL, and generate self-signed certificates. Optimal for development, since this is the simplest way to establish trust between applications. However, self-signed certificates are inherently not trusted by a browser.

    Typically, you select this option when you want to quickly enable secure communication between Liberty applications in a Kubernetes cluster. Generating self-signed certificates means that your browser window will require you to add an exception before you go to a specified URL.

  2. Enable SSL using third-party certificates.

    Select this option to run Liberty in an environment where you already have existing third-party certificates with trust already established.

  3. Accept the default SSL values within the Liberty Docker image. Applications do not automatically communicate across different servers when you accept this option.

    By accepting these default values and not using the Kubernetes secrets, the server has its own identity and might not be able to communicate with other servers.

    SSL is enabled by default. If you want to disable SSL, you can complete steps in this topic.

Procedure


Icon that indicates the type of topic Task topic

File name: twlp_icp_ssl_helm.html