Skip to Main Content
IBM Cloud - Structured Ideas

This portal is to open public enhancement requests against IBM Cloud and its products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

IBM Cloud Support Center ( – Use this site for any IBM Cloud defect or support need.

Stack Overflow ( – Use this site for IBM Cloud technical Q&A using the tag "ibm-cloud". - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Created by Guest
Created on Apr 12, 2018

Allow CF app custom domains to consume certs/keys stored in the IBM Certificate Manager

The process for uploading certs/keys to a CF custom domain is supported by both the UI (under manage orgs/domains) and the BX CLI (bx app domain-cert-add ...).  But that process is often the source of errors and requires that the consumer of the custom domain be given the cert/key files to upload (and some teams restrict access to these files).   


I've tested the differences in behavior and error checking between the cert upload process for a CF domain (UI and CLI) and that same process for the IBM Certificate Manager.  The IBM Certificate Manager does a few more checks on the cert/key data (preventing bad combos/expired certs). 


If the process of identifying and storing cert/key data for CF custom domains (which the UI/CLI does today to push them into the DataPower devices that support the custom domain request) were to allow us to point at a cert/key entry in an IBM Certificate Manager service instance created for the account, then you could allow reuse of certs from a single source (for other consumers, such as container-based apps) and CF apps and maybe even APIc.   This would also improve the client experience:

- a cert loaded is done;  configuring custom domains becomes easier as you just point at the existing cert already loaded.

- the IBM Certificate Manager UI is better at the load/check process

- the IBM Certificate Manager UI natively shows more information about the cert (when it expires) without having to open each individual cert that has been loaded.

Idea priority High