Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

3.3. Mutual SSL

Mutual SSL authentication, commonly referred to as x509 or two-way authentication, allows for an application developer, which is the SSL client, to authenticate to an application, which is the SSL server, and vice versa. Each side has a verification certificate, which is shared upon connection. Using mutual authentication ensures an additional level of security in your deployment, because without the approved authentication certificate a user is unable to connect to the SSL server.
If your system administrator has configured an OpenShift Enterprise deployment to require mutual SSL authentication, you must configure the client tools on your workstation to be able to make connections with that deployment. Contact your system administrator for details about the deployment's authentication requirements, or see the OpenShift Enterprise Deployment Guide for more information.

Procedure 3.1. To Configure the Client Tools for Mutual SSL Authentication:

  1. Mutual SSL authentication requires the current version of the OpenShift client tools. Ensure your client tools are up to date using the method you used to install them. See the OpenShift Enterprise Client Tools Installation Guide for details.
  2. If you are only connecting to one OpenShift Enterprise server, you can add the following to the ~/.openshift/express.conf file on the workstation where the client tools are installed: 
    ssl_ca_file=path/to/SSLCA/certificate/file
ssl_client_cert_file=path/to/SSL/certificate/file
ssl_client_key_file=path/to/certificate/keyfile
insecure=false
use_authorization_tokens=true
libra_server=broker.example.com
    Copy to Clipboard Toggle word wrap
    Alternatively, you can perform the same configuration from the command line using the rhc setup command: 
    # rhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc setup --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/file
    Copy to Clipboard Toggle word wrap
    If you are using your client tools to manage accounts for multiple OpenShift servers, you can use the rhc server command instead: 
    # rhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/filerhc server add broker.example.com --nickname Server_Nickname --ssl-client-cert-file path/to/SSL/certificate/file --ssl-client-key-file path/to/certificate/keyfile --ssl-ca-file path/to/SSLCA/certificate/file
    Copy to Clipboard Toggle word wrap
    See Chapter 4, Multiple OpenShift Servers for general information on managing and switching between accounts for multiple OpenShift servers.
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat