このコンテンツは選択した言語では利用できません。
Chapter 7. Configuring Custom Certificates
7.1. Overview
Administrators can configure custom serving certificates for the public host names of the OpenShift API and web console. This can be done during an advanced installation or configured after installation.
7.2. Configuring Custom Certificates
The namedCertificates
section may be listed in the servingInfo
and assetConfig.servingInfo
sections of the master configuration file or in the servingInfo
section of the node configuration file. Multiple certificates can be configured this way and each certificate may be associated with multiple host names or wildcards.
A default certificate must be configured in the servingInfo.certFile
and servingInfo.keyFile
configuration sections in addition to namedCertificates
.
The namedCertificates
section should only be configured for the host name associated with the masterPublicURL
, assetConfig.publicURL
, and oauthConfig.assetPublicURL
settings. Using a custom serving certificate for the host name associated with the masterURL
will result in TLS errors as infrastructure components will attempt to contact the master API using the internal masterURL
host.
Example 7.1. Custom Certificates Configuration
servingInfo: ... namedCertificates: - certFile: custom.crt keyFile: custom.key names: - "customhost.com" - "api.customhost.com" - "console.customhost.com" - certFile: wildcard.crt keyFile: wildcard.key names: - "*.wildcardhost.com" ...
Relative paths are resolved relative to the master configuration file. Restart the server to pick up the configuration changes.