
Re: Openshift router certificate chain

Hey Marcello.

Correct me if I'm wrong, but you could look into haproxy's config and set all ciphers you need:

    $ oc -n default rsh dc/router grep -C 10 ssl-default-bind-ciphers haproxy-config.template

There is this env var `ROUTER_CIPHERS`, where you can choose standard profiles (modern|intermediate|old) or define your own list.

Hope this helps.


Mateus Caruccio / Master of Puppets
We make the infrastructure invisible
Gartner Cool Vendor 2017

2017-11-17 10:28 GMT-02:00 Marcello Lorenzi <cello86 gmail com>:
Hi All,
we tried to configure a new route on Openshift Origin 3.6 to expose a pod where the SSL termination is enabled. We have a problem configuring a re-encrypt route: we noticed that the application is not present on the router, and after some investigation we discovered that the problem is related to the pod certificate chain. The chain is formed by:

- root certificate sha1
- intermediate certificate sha256
- server certificate sha256

We have updated the root certificate to sha256 and all works fine.

Could you confirm if the Openshift router doesn't support the sha1 certificate?


users mailing list
users lists openshift redhat com
