红帽全球峰会此内容没有您所选择的语言版本。
Chapter 5. Using your own certificate authority bundle
You can bring your organization’s certificate authority (CA) bundle for signing and verifying your build artifacts with Red Hat’s Trusted Artifact Signer (RHTAS) service.
Prerequisites
- Installation of the RHTAS operator running on Red Hat OpenShift Container Platform.
- A running Securesign instance.
- Your CA root certificate.
-
A workstation with the
ocbinary installed.
Procedure
Log in to OpenShift from the command line:
Syntax
oc login --token=TOKEN --server=SERVER_URL_AND_PORTExample
$ oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443NoteYou can find your login token and URL for use on the command line from the OpenShift web console. Log in to the OpenShift web console. Click your user name, and click Copy login command. Offer your user name and password again, if asked, and click Display Token to view the command.
Switch to the RHTAS project:
Example
$ oc project trusted-artifact-signerCreate a new ConfigMap by using your organization’s CA root certificate bundle:
Example
$ oc create configmap custom-ca-bundle --from-file=ca-bundle.crtImportantThe certificate filename must be
ca-bundle.crt.Open the Securesign resource for editing:
Example
$ oc edit Securesign securesign-sampleAdd the
rhtas.redhat.com/trusted-caunder themetadata.annotationssection:Example
apiVersion: rhtas.redhat.com/v1alpha1 kind: Securesign metadata: name: example-instance annotations: rhtas.redhat.com/trusted-ca: custom-ca-bundle spec: ...- Save, and quit the editor.
Open the Fulcio resource for editing:
Example
$ oc edit Fulcio securesign-sampleAdd the
rhtas.redhat.com/trusted-caunder themetadata.annotationssection:Example
apiVersion: rhtas.redhat.com/v1alpha1 kind: Fulcio metadata: name: example-instance annotations: rhtas.redhat.com/trusted-ca: custom-ca-bundle spec: ...- Save, and quit the editor.
- Wait for the RHTAS operator to reconfigure before signing and verifying artifacts.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}