Red Hat blog
In this video
In this new demo video, Veer Muchandi explains the different options that developers have to use SSL with OpenShift.
Additional Information
Link to the architecture that explains these concepts: Secured Routes
Commands used to generate keystone and certs for use with edge termination with certificates
Create a keystore:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass supersecret -validity 360 -keysize 2048
Convert key to pkcs12 format:
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12
Get cert and private key from this file:
openssl pkcs12 -in keystore.p12 -nodes -password pass:supersecret
Commands used to generate keystore, secret and service account for passthrough termination:
Create a keystore:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass supersecret -validity 360 -keysize 2048
Add a secret:
oc secrets new eap-app-secret keystore.jks
Add a service account to use the above secret:
echo '{
"apiVersion": "v1",
"kind": "ServiceAccount",
"metadata": {
"name": "eap-service-account"
},
"secrets": [
{
"name": "eap-app-secret"
}
]
}' | oc create -f -
Acknowledgments
Special thanks go to Ram Ranganathan(ramr@redhat.com) for helping with keytool commands.
View the Entire OpenShift 3 Demo Playlist
For the latest information on OpenShift 3, please visit enterprise.openshift.com.