Bug 1332273 - self-signed TLS certificates for edge terminated routes
Summary: self-signed TLS certificates for edge terminated routes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Routing
Version: 3.x
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Abhishek Gupta
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-02 18:37 UTC by Colin Walters
Modified: 2016-06-23 17:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-23 17:32:30 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Colin Walters 2016-05-02 18:37:19 UTC
I started an instance of hello-openshift:

https://hello-openshift-stage.1ec1.dev-preview-int.openshiftapps.com/

The router appears to use self-signed certs by default though, which not only causes annoying warnings for human web browser users, it precludes https:// use by automated services (e.g. github webhooks).

Comment 1 Ben Bennett 2016-05-03 15:28:31 UTC
You will need to set up your keys on your routes:
  https://docs.openshift.com/enterprise/3.1/dev_guide/routes.html

Or set up a wildcard cert for the default routing subdomain:
  https://docs.openshift.com/enterprise/3.1/install_config/install/deploy_router.html#using-wildcard-certificates

Comment 2 Colin Walters 2016-05-03 17:12:27 UTC
I'm aware I could bring my own keys, but I'd expect Online v3 to offer this by default.

OpenShift v2 currently uses a wildcard *.rhcloud.com certificate from Digicert.

Right?

Comment 3 Ben Bennett 2016-05-03 17:44:01 UTC
Oh! Online... sorry, completely missed that part.  Apologies.

Yeah, I assume they will issue a cert.  I'll reopen this.

Comment 4 Ben Bennett 2016-05-24 13:53:31 UTC
Reassigning to Abhishek because this needs to be dispatched to whomever will get the Online SSL wildcard cert (if SSL will even be supported).

Comment 6 Abhishek Gupta 2016-05-27 17:30:06 UTC
Moving to ON_QA based on comment above by Stefanie.

Comment 7 zhaozhanqi 2016-05-31 08:32:07 UTC
QE verified this bug on INT/STG.


Note You need to log in before you can comment on or make changes to this bug.