IBM Cloud - Structured Ideas

Welcome to the idea portal for structured ideas (i.e. product feature requests) - A more integrated and automated feedback system to connect your product improvement ideas with IBM product and engineering teams.  Happy submitting!


NOTE: All IBM employees must enter Ideas through this Ideas Portal.

Manage and view individual SSL client certificates

Using mutual authentication in Bluemix requires the loading of client certs or trust stores.

This is possible via the Bluemix console, but there is no way to list or view current client certs, and there is no way to upload an additional or revoke a single client cert without going through the entire upload process of server cert, private key, intermediate, and client trust store altogether again.

This method takes time and is could introduce problems if an incorrect cert is uploaded by human error.  Changing a client cert should not mean having to change server certs.

When revoking access, rather than just being able to delete a cert, we have to re-upload all which again could have an impact on running services.

  • Guest
  • May 17 2017
  • Shipped
  • Attach files
  • Guest commented
    June 21, 2017 09:38

    This has been changed to 'Returned for specifics'.  There is no explanation - do I need to provide further details?  Is there an action on me as the requester or is it being reviewed by Cloud team?

  • Douglas Rothert commented
    July 06, 2017 20:12

    Not sure why you didn't see the internal comment but the question was:

    Can you please provide a screenshot of where you are experiencing this?

  • Guest commented
    July 10, 2017 09:28

    Screenshot of the domain SSL in Bluemix console.  There is no option to add only an individual client certificate.  The upload button is only enabled when the server cert and private key are specified as well.  Only then can I add an entire new client trust store.    Would be good to be able to upload a single new client cert.

  • Admin
    Kala Nenkova commented
    October 08, 2018 20:38

    This is possible in Cloud Foundry Enterprise Environments which GA'ed last week.

NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "anonymous@euprivacy.out" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions