

This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Delivered
Created by Guest
Created on Mar 28, 2022

ACME certificate update practice

Certificate durations from major vendors are down from three years to one, and there is rumbling that they'll get shorter still.


This means that certificate update methodologies need to be dramatically smoother, more automatic, than was acceptable in the past.


The asymptote of these automation efforts is ACME, which is completely automated, perhaps best exemplified by the Let's Encrypt ecosystem.


https://letsencrypt.org/docs/client-options/


Other providers also support the ACME methodology, though. (We at the University of Florida use InCommon, as do many higher-ed customers.)


https://incommon.org/certificates/automated-certificate-management-environment-acme/


ACE should be able to partake of these automated environments.


For that matter, CP4I, DPGW and MQ should be able to do so, also. Should I make separate ideas?




Idea priority Medium
  • Guest
    Dec 22, 2023

    Hi; thanks for your reply.


    This is skew to my question: CP4D is not ACE. If you mean "We don't contemplate supporting ACME in the standalone ACE service", then I'd appreciate a clear statement to that effect.




  • Admin
    Andy Garratt
    Dec 21, 2023

    As of 2023.4.1 and the move to Keycloak and Foundation Services 4, the cloud pak components should now use the same certificate process as OpenShift does - for example, if you are running OpenShift on IBM cloud managed (ROKS) then the OCP certificates are letsencrypt on ROKS - so they will be in the CP4I components as well.

  • Guest
    May 11, 2022

    RFE Review. Thank you for taking the time to submit this idea for enhancement. We're broadly supportive of the concept and we note similar trends in the industry; similar motivation was behind the feature in ACEv11.0.0.9 to provide the admin REST API for the dynamic reload of certificates for the HTTPS Listener. Overall we're unlikely to prioritise the need urgently given the other pressing business demands we face, but we're for sure interested for the future so would be keen to hear from other users on this topic. Status updated to Future Consideration.