In this video

In this new demo video, Veer Muchandi explains the different options that developers have to use SSL with OpenShift.

Additional Information

Link to the architecture that explains these concepts: Secured Routes

Commands used to generate keystone and certs for use with edge termination with certificates

Create a keystore:

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass supersecret -validity 360 -keysize 2048

Convert key to pkcs12 format:

keytool -importkeystore -srckeystore keystore.jks  -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12

Get cert and private key from this file:

openssl pkcs12 -in keystore.p12 -nodes -password pass:supersecret
Commands used to generate keystore, secret and service account for passthrough termination:

Create a keystore:

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass supersecret -validity 360 -keysize 2048

Add a secret:

oc secrets new eap-app-secret keystore.jks

Add a service account to use the above secret:

echo '{
"apiVersion": "v1",
"kind": "ServiceAccount",
"metadata": {
"name": "eap-service-account"
},
"secrets": [
{
"name": "eap-app-secret"
}
]
}' | oc create -f -

Acknowledgments

Special thanks go to Ram Ranganathan(ramr@redhat.com) for helping with keytool commands.

View the Entire OpenShift 3 Demo Playlist

For the latest information on OpenShift 3, please visit enterprise.openshift.com.