Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-28296

Make Central capable of serving certificates signed by the OpenShift cluster CA

    • Icon: Task Task
    • Resolution: Done
    • Icon: Undefined Undefined
    • 4.8.0
    • None
    • Central
    • Future Sustainability
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      ROX-28296: Support for an OpenShift reencrypt route to expose Central (`central.exposure.route.reencrypt.enabled: true`).
      Show
      ROX-28296 : Support for an OpenShift reencrypt route to expose Central (`central.exposure.route.reencrypt.enabled: true`).
    • Enhancement
    • Done
    • Rox Sprint 4.8B - Global, Rox Sprint 4.8C - Global, Rox Sprint 4.8D - Global, Rox Sprint 4.8E - Global
    • 0

      Customers may invest considerable time and effort to integrate their OpenShift cluster into their security infrastructure and PKI. When secure and trusted certificates have been set up for the OpenShift console, it would be a simple switch to make Central serve its UI with a certificate signed by the OpenShift CA.

      This is straightforward using OpenShift reencrypt routes. Howver, note that Central still needs a passthrough route for sensor communication. This is due to the custom mTLS setup between Central and Sensor.

              shesselm@redhat.com Stephan Hesselmann
              shesselm@redhat.com Stephan Hesselmann
              Yury Kovalev
              ACS Sensor & Ecosystem
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: