Generate https self signed OKD Openshift



[root@master-b01 ~]# vi /etc/ssl/req.conf
[req]
distinguished_name = Abimayu
x509_extensions = v3_req
prompt = no
[Abimayu]
C = ID
ST = DKI Jakarta
L = Jakarta
O = PT. Abimayu Indonesia
OU = IT Operation
CN = 192.168.123.1
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.abimayu.com
DNS.2 = api.upg.apps.abimayu.com

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/abimayu-selfsigned.key -out /etc/ssl/certs/abimayu-selfsigned.crt -config /etc/ssl/req.conf

will generate files :
/etc/ssl/certs/abimayu-selfsigned.crt
/etc/ssl/private/abimayu-selfsigned.key

Then check for validation certificate
openssl x509 -in /etc/ssl/certs/abimayu-selfsigned.crt -text -noout



OKD web >  name space > Route
- hostname : must filled
- services : pick one
- Security route : means https
- TLS Termination  : edge
- Insecure Traffic  :  redirect
- Certificates : filled  ( with : /etc/ssl/certs/abimayu-selfsigned.crt )
- Private Key : filled ( with : /etc/ssl/private/abimayu-selfsigned.key )

then save




source :

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-centos-7

https://www.sslshopper.com/article-most-common-openssl-commands.html

No comments:

Post a Comment

div>