Bug 1038857 - Enable SSLCACertificateFile on the Node to Facilitate SSL Mutual Auth
Keywords:
Status: CLOSED DUPLICATE of bug 1038853
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 2.0.0
Hardware: All
OS: Other
medium
high
Target Milestone: ---
Assignee: jofernan
QA Contact:
URL:
Whiteboard:
Depends On: 1038853
Blocks: 1042924
Reported: 2013-12-06 00:14 UTC by Keith Robertson
Modified: 2016-07-04 01:34 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-05-13 15:46:34 UTC
Target Upstream Version:
Embargoed:



Description Keith Robertson 2013-12-06 00:14:34 UTC
Description of problem:
Due to the fact that OpenShift terminates SSL connections at the node level and not at the gear level, SSL mutual authentication is impossible without additional user level controls to the node level Apache VirtualHost.

Users need the ability to install CA certificates so that *clients* can be authenticated. In an Apache proxy this is accomplished via the SSLCACertificateFile mod_ssl setting[1].

This bug requests that the 'SSL Certificate' section of the administrator console be enhanced such that CA certificates can be uploaded for a particular gear.


[1] http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatefile

Version-Release number of selected component (if applicable):
1.2 and 2.0

How reproducible:
Always

Expected results:
Users have the ability to make the necessary settings for SSL mutual auth.


Additional info:
BZ1038853
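
Added example, not part of the original report and not OpenShift's generated node configuration: a generic mod_ssl reverse-proxy VirtualHost showing where SSLCACertificateFile fits when TLS is terminated in front of the application. The hostname, file paths, backend address and X-Client-* header names are placeholders chosen for illustration.

```apache
# Generic Apache 2.2 mod_ssl front end (illustrative; all names and paths are placeholders).
<VirtualHost *:443>
    ServerName app.example.com

    SSLEngine on
    # Server identity presented to clients.
    SSLCertificateFile    /etc/pki/tls/certs/app.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/app.example.com.key

    # PEM bundle of the CAs trusted to issue *client* certificates.
    # Keep it to the application's own client CAs, not the system trust store.
    SSLCACertificateFile  /etc/pki/tls/certs/app-client-ca.pem

    # The mod_ssl default is "SSLVerifyClient none", which never asks for a
    # client certificate. "require" fails the handshake unless the client
    # presents a certificate that chains to the bundle above.
    SSLVerifyClient require
    # Assumption: client certs are issued by one intermediate under the root.
    SSLVerifyDepth  2

    # TLS ends at this proxy, so the backend never sees the client certificate.
    # Forward the verification result and subject DN as request headers.
    # "set" replaces any value the client sent under the same header name.
    RequestHeader set X-Client-Verify "%{SSL_CLIENT_VERIFY}s"
    RequestHeader set X-Client-S-DN   "%{SSL_CLIENT_S_DN}s"

    # Backend application (placeholder address). It should accept these
    # headers only from the proxy, i.e. not be reachable directly.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

The RequestHeader lines need mod_headers and the ProxyPass lines need mod_proxy and mod_proxy_http loaded.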

Comment 2 Luke Meyer 2014-05-13 15:46:34 UTC
Expect that this will be rolled into any client cert verification implementation. Consolidating into one RFE.

*** This bug has been marked as a duplicate of bug 1038853 ***

