IBM Cloud - Structured Ideas

Welcome to the idea portal for structured ideas (i.e. product feature requests) - A more integrated and automated feedback system to connect your product improvement ideas with IBM product and engineering teams.  Happy submitting!

 

NOTE: All IBM employees must enter Ideas through this Ideas Portal.

Client needs to have a self-signed certificated added to the CF environment in their dedicated region.

This is needed  to be able to access resources on external (to Bluemix) servers in SoftLayer that the client manages.   Resources on these servers need to be accessed over https during CF operations (such as application staging) and by runtime operations.  Without the self-signed certificates, the connections over https are not trusted and are failing, most likely due to security prompts.  (The same connections over http: are working fine.)  

One example of what the client is doing is specifying a custom buildpack on the CF push (ie, -b https://buildpack.mycustomdomain.com).  CF is not able to download the buildpack due to the un-trusted connection.

Without having the certificate in CF, the https requests to the client-managed external servers will not be trusted and the connections will fail.

  • Guest
  • Oct 23 2017
  • Closed
  • Attach files
  • Michal Tekel commented
    October 23, 2017 15:07

    Note that we asked to add a trusted certificate into container root store, as described here: https://docs.cloudfoundry.org/adminguide/trusted-system-certificates.html

  • Guest commented
    November 14, 2017 13:50

    Hi BM OM team,
    LBG is asking an update here. Can you please let me know your evaluation and the status?

  • ANANDA DEBNATH commented
    November 14, 2017 20:06

    Thanks for adding this requirement. We have accepted this for our longer term roadmap.

    We're also evaluating a short-term possibility where customers would be able to open a support request to add their self-signed certificates. In the meantime, we recommend that customers use commercially signed certificates for solving this problem if they need it sooner.

  • Guest commented
    April 04, 2018 15:50

    This requirement was requested directly from client to me.
    It has been implemented in March 2018 and I have verified that it covers exactly what requested by client and it works fine, so it can be closed now.

  • Guest commented
    April 04, 2018 16:05

    PLEASE IGNORE MY PREVIOUS COMMENT (April 4, 2018 15:50). It was for another ER, sorry

NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "anonymous@euprivacy.out" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions