I have created an application with a route to it using OpenShift Origin.
Now I want to make that route secure using TLS:
I've already created routes with edge and passthrough. But now I want to create a route which is using Reencrypt.
Therefore I need to specify some certificates in my route:
termination: reencrypt 1
key: [as in edge termination]
certificate: [as in edge termination]
caCertificate: [as in edge termination]
destinationCaCertificate: |- 2
I create my key and certificate in the following way:
# keytool -genkey -keyalg RSA -alias selfsigned -keystore
keystore.jks -storepass supersecret -validity 360 -keysize 2048 -keystore
# keytool -importkeystore -srckeystore privatekey.store -destkeystore keystore.p12 -srcstoretype jks
#####Take a look to the certificate and private key from this
# openssl pkcs12 -in keystore.p12 -nodes -password
It's very similar to edge termination. But there I don't have to describe a
I create my own certificate and key using keytool and convertion to pk12 (see above).
After that I can see my certificate and key (
) and copy them into my route.
Now is my problem that I don't really know what a
destinationCACertificate is? Do I have to create it in the same way as
I'm creating my normal key/certificate or do I have to read/create it