
A Secured Route Using Re-Encrypt Termination



I want to create a secured route using Re-Encrypt Termination. I already did it for edge and passthrough.
The beginning looks very similar to edge so I'm performing the following steps:

# mkdir /etc/origin/keys/new-key/

# keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass supersecret -validity 360 -keysize 2048 -keystore /etc/origin/keys/s2i-key/privatekey.store

# keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12

Take a look at the certificate and private key from this file:

# openssl pkcs12 -in keystore.p12 -nodes -password pass:supersecret


Now I will paste the key and certificate into the route. So the first thing is ready (similar to edge). The traffic between the browser and the router will be encrypted.

tls:
    termination: reencrypt
    key: [as in edge termination]
    certificate: [as in edge termination]
    caCertificate: [as in edge termination]
    destinationCaCertificate: |-
      -----BEGIN CERTIFICATE-----
      [...]
      -----END CERTIFICATE-----

But now I'm stuck. I need to add another certificate as destinationCaCertificate (optional, but I want to do this, otherwise there is no difference with edge?)
Do I have to generate a new certificate and add it there? I don't know.
It's a destinationCaCertificate. What's the difference with a normal certificate? I also see the caCertificate as optional (also for edge). But I never used it.
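
Added example (not part of the original message): in a re-encrypt route the destination CA certificate is what the router uses to validate the certificate presented by the pod. The script below builds a throwaway CA, a pod certificate signed by it and an unrelated self-signed certificate, then checks which certificate validates against which. All subject names and file names are constructed for the demo, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Constructed demo: every subject name and file name below is made up.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate + key: new_self_signed NAME CN
new_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 360 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Certificate for the pod, signed by an existing CA: new_signed NAME CN CA_NAME
new_signed() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -days 360 \
        -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" -CAcreateserial \
        -out "$WORK/$1.crt" 2>/dev/null
}

# chains_to CA_PEM CERT_PEM: succeeds only if CERT_PEM validates against CA_PEM.
# CA_PEM plays the role of the PEM pasted into destinationCaCertificate.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {
    if chains_to "$2" "$3"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}

new_self_signed ca "demo-destination-ca"
new_signed pod "myservice.myproject.svc" ca
new_self_signed other "unrelated-selfsigned"

report "pod cert vs. destination CA" "$WORK/ca.crt" "$WORK/pod.crt"
report "unrelated cert vs. destination CA" "$WORK/ca.crt" "$WORK/other.crt"
# A self-signed certificate is its own issuer, so it validates against itself.
report "self-signed cert vs. itself" "$WORK/other.crt" "$WORK/other.crt"
```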

