
Re: TLS: secure routes on OpenShift



Den Cowboy wrote on 07/20/16 15:03:
I read about the 3 types of secure routes:
- Edge : encrypts routing from outside till router
- Passthrough: encrypts routing from outside till pod
- Re-encrypt: encrypts from outside till router and then reencrypts from
router till pod (internally)

I'm able to create such routes using the webconsole (or cli).
But I don't really know what to do if I have an application which needs
to connect with these secure routes?
For example:

project test1 (ns)
1 pod which is hosting some API service

project test2 (ns)
1 pod which is hosting some website which needs to connect with the API
service.

When you start the pod in project2 you're able to give an ENV VAR which
will contain the path to your API service:
oc new-app -e URL="http://my-api.dev.all" test1/app1

But when we have only a secure route to our API (so https)
And we will start the pod in project2 with:
oc new-app -e URL="https://my-api.dev.all" test1/app1

What do we need to do to have a full communication? Do we need to add
the certificate(s) of our app1 somewhere for app2?

You need to have your CA certificate trusted in the client app. Or the self-signed certificate if you are using self-signed (not recommended).

How to do it may depend. If your API cert is issued by an official cert issuer, then you may not have to do anything. Otherwise you need to import the CA cert in an app-specific way to your app.
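
An added example, not part of the original messages: a Go client that imports a private CA next to the system roots, run against a local test HTTPS server that stands in for the secure route. The names newAPIClient, get and demo are hypothetical; in a real pod the CA PEM would be read from a file mounted into the client container.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newAPIClient trusts the system roots plus the PEM CA cert(s) in caPEM; verification stays on.
func newAPIClient(caPEM []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil {
		pool = x509.NewCertPool()
	}
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no usable certificate in CA PEM")
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}, nil
}

// get performs one request and reports only whether the TLS exchange and request succeeded.
func get(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// demo calls a server whose cert no system root knows, first without and then with its cert imported.
func demo() (withoutCA, withCA error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") }))
	defer srv.Close()
	plain, _ := newAPIClient(nil)
	withoutCA = get(plain, srv.URL)
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	trusted, err := newAPIClient(caPEM)
	if err != nil {
		return withoutCA, err
	}
	return withoutCA, get(trusted, srv.URL)
}

func main() {
	withoutCA, withCA := demo()
	fmt.Printf("system roots only: %v\nwith CA imported: %v\n", withoutCA, withCA)
}
```

The first call fails certificate verification and the second succeeds, without turning verification off in the client.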

