There are 2 docs related to "Replace the certificates for Service Management Automation"https://docs.software.hpe.com/wiki/display/ITSMA201711H/Replace+the+certificates+for+Service+Management+Automation
Both docs step 1 is the same as below:
1.Generate a certificate and private key for the host on which the ingress service is running. Save the certificate and key on the master node.
It's not detailed enough, need to know how and where to generate a certificate and private key.
In order to generate a certificate and private key for itsma, customer need to get ssl crt and key first, usually need to pay extra money to buy the service from ssl provider.
Then you could use the tool OpenSSL to generate the crt and key used in itsma.
Below is an example provided:
1. Create private key that used in itsma suite
openssl genrsa -out shc-itsma-suite-cd-85.hpeswlab.net.key 4096
2. Create certificate signing request (CSR)
openssl req -new -key shc-itsma-suite-cd-85.hpeswlab.net.key -subj "/CN=shc-itsma-suite-cd-85.hpeswlab.net" -out shc-itsma-suite-cd-85.hpeswlab.net.csr
3. Create certificate that used in itsma suite
openssl x509 -sha256 -req -in shc-itsma-suite-cd-85.hpeswlab.net.csr -CA "/opt/kubernetes/ssl/ca.crt" -CAkey "/opt/kubernetes/ssl/ca.key" -CAcreateserial -out shc-itsma-suite-cd-85.hpeswlab.net.crt -days 365
Note: Amazon should provide -CA "/opt/kubernetes/ssl/ca.crt" -CAkey "/opt/kubernetes/ssl/ca.key"
4. Change the access permissions for the certificate and private key
chmod 0400 shc-itsma-suite-cd-85.hpeswlab.net.crt shc-itsma-suite-cd-85.hpeswlab.net.key