Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

3.3. Mutual SSL

Mutual SSL authentication, commonly referred to as x509 or two-way authentication, allows for an application developer, which is the SSL client, to authenticate to an application, which is the SSL server, and vice versa. Each side has a verification certificate, which is shared upon connection. Using mutual authentication ensures an additional level of security in your deployment, because without the approved authentication certificate a user is unable to connect to the SSL server.
If your system administrator has configured an OpenShift Enterprise deployment to require mutual SSL authentication, you must configure the client tools on your workstation to be able to make connections with that deployment. Contact your system administrator for details about the deployment's authentication requirements, or see the OpenShift Enterprise Deployment Guide for more information.

Procedure 3.1. To Configure the Client Tools for Mutual SSL Authentication:

  1. Mutual SSL authentication requires the current version of the OpenShift client tools. Ensure your client tools are up to date using the method you used to install them. See the OpenShift Enterprise Client Tools Installation Guide for details.
  2. If you are only connecting to one OpenShift Enterprise server, you can add the following to the ~/.openshift/express.conf file on the workstation where the client tools are installed: 
    ssl_ca_file=path/to/SSLCA/certificate/file
ssl_client_cert_file=path/to/SSL/certificate/file
ssl_client_key_file=path/to/certificate/keyfile
insecure=false
use_authorization_tokens=true
libra_server=broker.example.com
    Copy to Clipboard Toggle word wrap
    Alternatively, you can perform the same configuration from the command line using the rhc setup command: 
    # rhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/file
    Copy to Clipboard Toggle word wrap
    If you are using your client tools to manage accounts for multiple OpenShift servers, you can use the rhc server command instead: 
    # rhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/file
    Copy to Clipboard Toggle word wrap
    See Chapter 4, Multiple OpenShift Servers for general information on managing and switching between accounts for multiple OpenShift servers.
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat