[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Origin 1.8: Encrypt termination using destinationCACertificate



I have created an application with a route to it using OpenShift Origin. Now I want to make that route secure using TLS: I've already created routes with edge and passthrough. But now I want to create a route which is using Reencrypt.
Therefore I need to specify some certificates in my route:
apiVersion: v1
kind: Route
metadata:
  name: route-pt-secured
spec:
  host: www.example.com
 to: kind: Service name: service-name tls: termination: reencrypt 1 key: [as in edge termination] certificate: [as in edge termination] caCertificate: [as in edge termination] destinationCaCertificate: |- 2 -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----


I create my key and certificate in the following way:

# keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass supersecret -validity 360 -keysize 2048 -keystore /etc/origin/keys/s2i-key/privatekey.store

# keytool -importkeystore -srckeystore privatekey.store  -destkeystore keystore.p12 -srcstoretype jks -deststoretype pkcs12

#####Take a look to the certificate and private key from this file

# openssl pkcs12 -in keystore.p12 -nodes -password pass:supersecret



It's very similar to edge termination. But there I don't have to describe a destinationCACertificate. I create my own certificate and key using keytool and convertion to pk12 (see above). After that I can see my certificate and key (openssl pkcs12) and copy them into my route.
Now is my problem that I don't really know what a destinationCACertificate is? Do I have to create it in the same way as I'm creating my normal key/certificate or do I have to read/create it somewhere else?

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]