Chapter 7. Configuring Custom Certificates
Administrators can configure custom serving certificates for the public host names of the OpenShift API and web console. This can be done during an advanced installation or configured after installation.
7.2. Configuring Custom Certificates
namedCertificates section may be listed in the
assetConfig.servingInfo sections of the master configuration file or in the
servingInfo section of the node configuration file. Multiple certificates can be configured this way and each certificate may be associated with multiple host names or wildcards.
A default certificate must be configured in the
servingInfo.keyFile configuration sections in addition to
namedCertificates section should only be configured for the host name associated with the
oauthConfig.assetPublicURL settings. Using a custom serving certificate for the host name associated with the
masterURL will result in TLS errors as infrastructure components will attempt to contact the master API using the internal
Example 7.1. Custom Certificates Configuration
servingInfo: ... namedCertificates: - certFile: custom.crt keyFile: custom.key names: - "customhost.com" - "api.customhost.com" - "console.customhost.com" - certFile: wildcard.crt keyFile: wildcard.key names: - "*.wildcardhost.com" ...
Relative paths are resolved relative to the master configuration file. Restart the server to pick up the configuration changes.