Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

3.3. Mutual SSL

Mutual SSL authentication, commonly referred to as x509 or two-way authentication, allows for an application developer, which is the SSL client, to authenticate to an application, which is the SSL server, and vice versa. Each side has a verification certificate, which is shared upon connection. Using mutual authentication ensures an additional level of security in your deployment, because without the approved authentication certificate a user is unable to connect to the SSL server.
If your system administrator has configured an OpenShift Enterprise deployment to require mutual SSL authentication, you must configure the client tools on your workstation to be able to make connections with that deployment. Contact your system administrator for details about the deployment's authentication requirements, or see the OpenShift Enterprise Deployment Guide for more information.

Procedure 3.1. To Configure the Client Tools for Mutual SSL Authentication:

  1. Mutual SSL authentication requires the current version of the OpenShift client tools. Ensure your client tools are up to date using the method you used to install them. See the OpenShift Enterprise Client Tools Installation Guide for details.
  2. If you are only connecting to one OpenShift Enterprise server, you can add the following to the ~/.openshift/express.conf file on the workstation where the client tools are installed: 
    ssl_ca_file=path/to/SSLCA/certificate/file
ssl_client_cert_file=path/to/SSL/certificate/file
ssl_client_key_file=path/to/certificate/keyfile
insecure=false
use_authorization_tokens=true
libra_server=broker.example.com
    Copy to Clipboard Toggle word wrap
    Alternatively, you can perform the same configuration from the command line using the rhc setup command: 
    # rhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/file
    Copy to Clipboard Toggle word wrap
    If you are using your client tools to manage accounts for multiple OpenShift servers, you can use the rhc server command instead: 
    # rhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/file
    Copy to Clipboard Toggle word wrap
    See Chapter 4, Multiple OpenShift Servers for general information on managing and switching between accounts for multiple OpenShift servers.
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat