From the RFE template 1. Proposed title of this feature request === Configuration parameter to set Private SSL certificates allowed 3. What is the nature and description of the request? === We can set user to be allowed to use private ssl cert via the oo-admin-ctl-user --allowprivatesslcertificates -l <user>, but in case we have so many user, it is really tough work. So we want to set it by default via setting file. 4. Why does the customer need this? (List the business requirements here) === Same with #3. 5. How would the customer like to achieve this? (List the functional requirements here) === Set in /etc/openshift/broker-dev.conf or some files. i.e. DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES = true; 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. === - 7. Is there already an existing RFE upstream or in Red Hat Bugzilla? === No, but simliar request was https://bugzilla.redhat.com/show_bug.cgi?id=1091044 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? === No, but OSE 2.1 is better. 9. Is the sales team involved in this request and do they have any additional input? === No. 10. List any affected packages or components. === - 11. Would the customer be able to assist in testing this functionality if implemented? === -
I have re-sent pull reqeust to origin-server with fixed my mistake. https://github.com/openshift/origin-server/pull/5971
Commit pushed to master at https://github.com/openshift/li https://github.com/openshift/li/commit/00d02224f3373de9d33b70f1e192f82fde6dd48f broker: set default for private ssl certs Bug 1159277 - [RFE] Configuration parameter to set Private SSL certificates allowed https://bugzilla.redhat.com/show_bug.cgi?id=1159277
Check on puddle [2.2.2/2014-11.25.3] 1. check the value of DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES is false # grep "DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES" /etc/openshift/broker.conf DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES="false" 2. setup with xiama #rhc setup -l xiama 3. check the properties of xiama #oo-admin-ctl-user -l xiama <--snip--> private SSL certificates allowed: false <--snip--> 4. create an app, add SSL certificates. #rhc app create xiama1 php-5.4 -s #rhc alias add test.com.cn -a xiama1 # rhc alias update-cert test.com.cn --certificate yourca.cert --private-key yourca.key --passphrase test -a xiama1 -l xiama User is not authorized to update private SSL certificates 5. set the value of DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES to true #vim /etc/openshift/broker.conf DEFAULT_ALLOW_PRIVATE_SSL_CERTIFICATES="true" #/etc/init.d/openshift-broker restart 6. setup with ftest and check the properties of ftest #rhc setup -l ftest #oo-admin-ctl-user -l ftest <--snip--> private SSL certificates allowed: true <--snip--> 7 create an app, add SSL certificates. #rhc app create ftest1 php-5.4 -s #rhc alias add test.com -a ftest1 # rhc alias update-cert test.com --certificate yourca.cert --private-key yourca.key --passphrase test -a ftest1 -l ftest SSL certificate successfully added.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2014-1979.html