Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 5. Using your own certificate authority bundle


You can bring your organization’s certificate authority (CA) bundle for signing and verifying your build artifacts with Red Hat’s Trusted Artifact Signer (RHTAS) service.

Prerequisites

  • Installation of the RHTAS operator running on Red Hat OpenShift Container Platform.
  • A running Securesign instance.
  • Your CA root certificate.
  • A workstation with the oc binary installed.

Procedure

  1. Log in to OpenShift from the command line:

    Syntax

    oc login --token=TOKEN --server=SERVER_URL_AND_PORT

    Example

    $ oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443

    Note

    You can find your login token and URL for use on the command line from the OpenShift web console. Log in to the OpenShift web console. Click your user name, and click Copy login command. Offer your user name and password again, if asked, and click Display Token to view the command.

  2. Switch to the RHTAS project:

    Example

    $ oc project trusted-artifact-signer

  3. Create a new ConfigMap by using your organization’s CA root certificate bundle:

    Example

    $ oc create configmap custom-ca-bundle --from-file=ca-bundle.crt

    Important

    The certificate filename must be ca-bundle.crt.

  4. Open the Securesign resource for editing:

    Example

    $ oc edit Securesign securesign-sample

    1. Add the rhtas.redhat.com/trusted-ca under the metadata.annotations section:

      Example

      apiVersion: rhtas.redhat.com/v1alpha1
      kind: Securesign
      metadata:
        name: example-instance
        annotations:
      	rhtas.redhat.com/trusted-ca: custom-ca-bundle
      spec:
      ...

    2. Save, and quit the editor.
  5. Open the Fulcio resource for editing:

    Example

    $ oc edit Fulcio securesign-sample

    1. Add the rhtas.redhat.com/trusted-ca under the metadata.annotations section:

      Example

      apiVersion: rhtas.redhat.com/v1alpha1
      kind: Fulcio
      metadata:
        name: example-instance
        annotations:
          rhtas.redhat.com/trusted-ca: custom-ca-bundle
      spec:
      ...

    2. Save, and quit the editor.
  6. Wait for the RHTAS operator to reconfigure before signing and verifying artifacts.
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.