Bug 1332273

Summary: self-signed TLS certificates for edge terminated routes
Product: OpenShift Online Reporter: Colin Walters <walters>
Component: RoutingAssignee: Abhishek Gupta <abhgupta>
Status: CLOSED CURRENTRELEASE QA Contact: zhaozhanqi <zzhao>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.xCC: aos-bugs, dakini
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-23 17:32:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Colin Walters 2016-05-02 18:37:19 UTC
I started an instance of hello-openshift:

https://hello-openshift-stage.1ec1.dev-preview-int.openshiftapps.com/

The router appears to use self-signed certs by default though, which not only causes annoying warnings for human web browser users, it precludes https:// use by automated services (e.g. github webhooks).

Comment 1 Ben Bennett 2016-05-03 15:28:31 UTC
You will need to set up your keys on your routes:
  https://docs.openshift.com/enterprise/3.1/dev_guide/routes.html

Or set up a wildcard cert for the default routing subdomain:
  https://docs.openshift.com/enterprise/3.1/install_config/install/deploy_router.html#using-wildcard-certificates

Comment 2 Colin Walters 2016-05-03 17:12:27 UTC
I'm aware I could bring my own keys, but I'd expect Online v3 to offer this by default.

OpenShift v2 currently uses a wildcard *.rhcloud.com certificate from Digicert.

Right?

Comment 3 Ben Bennett 2016-05-03 17:44:01 UTC
Oh! Online... sorry, completely missed that part.  Apologies.

Yeah, I assume they will issue a cert.  I'll reopen this.

Comment 4 Ben Bennett 2016-05-24 13:53:31 UTC
Reassigning to Abhishek because this needs to be dispatched to whomever will get the Online SSL wildcard cert (if SSL will even be supported).

Comment 6 Abhishek Gupta 2016-05-27 17:30:06 UTC
Moving to ON_QA based on comment above by Stefanie.

Comment 7 zhaozhanqi 2016-05-31 08:32:07 UTC
QE verified this bug on INT/STG.