openshift-docs/modules/microshift-ingress-controller-create-cert-secret.adoc

// Module included in the following assemblies:
//
// * microshift_configuring/microshift-ingress-controller.adoc

:_mod-docs-content-type: PROCEDURE
[id="microshift-ingress-controller-create-cert-secret_{context}"]
= Creating a secret for the ingress controller certificateSecret

Use this procedure to create a secret that is referenced by the `certificateSecret` parameter value in the {microshift-short} configuration file. This secret contains the default certificate served by the ingress controller.

[NOTE]
====
Any in-use certificates is automatically integrated with the {microshift-short} built-in OAuth server.
====

.Prerequisites

* You have root access to {microshift-short}.
* You installed the {oc-first}.
* Your private key is not encrypted or you have decrypted it for importing into {microshift-short}.

.Procedure

. Create a secret that contains the wildcard certificate chain and key:
+
[source,terminal]
----
$ oc create secret tls <secret> <1>
     --cert=</path/to/cert.crt> <2>
     --key=</path/to/cert.key> <3>
     -n openshift-ingress
----
<1> `<secret>` is the name of the secret that contains the certificate chain and private key.
<2> `</path/to/cert.crt>` is the path to the certificate chain on your local file system.
<3> `</path/to/cert.key>` is the path to the private key associated with this certificate.
+
[IMPORTANT]
====
The certificate must include the `subjectAltName` extension showing `*.apps.<nodename>.<domain>`.
====

. Update the `certificateSecret` parameter value in the {microshift-short} configuration YAML with the newly created secret.

. Complete any other configurations you require, then start or restart {microshift-short} by running one the following commands:
+
[source,terminal]
----
$ sudo systemctl start microshift
----
+
[source,terminal]
----
$ sudo systemctl restart microshift
----