Hi Marcello.

On Monday, 16 October 2017 at 15:23 was written:

> Hi,
> I have tried it and it worked fine, but the problem is to override the
> default wildcard certificate and configure a different certificate,
> because it's not possible to configure the intermediate CA chain in
> the admin panel. I tried to configure the CA cert with the root CA and
> the subordinate CA files and the router is ok, but if I navigate to the
> new route I received a security error.

Do you use a reencrypted or passthrough route?

Please can you show us the output of:

oc get route -n your-project
oc describe route -n your-project your-route

Best Regards
Aleks


> Marcello

> On Thu, Oct 12, 2017 at 1:14 PM, Aleksandar Lazic <al...@me2digital.eu> wrote:

>   
> Hi Marcello Lorenzi.

>  Have you used -servername in s_client?

>  The SSL solution is based on SNI
> ( https://en.wikipedia.org/wiki/Server_Name_Indication )

> Regards
>  Aleks

> On Thursday, 12 October 2017 at 13:02 was written:



> Hi All,
>  thanks for the response, and we checked the configuration. If I try
> to check the certificate propagated with the passthrough configuration
> with openssl s_client, the certificate provided is the wildcard
> domain certificate and not the pod itself. Is it normal?

>  Thanks,
>  Marcello

>  On Thu, Oct 12, 2017 at 10:34 AM, Aleksandar Lazic <al...@me2digital.eu> 
> wrote:

> Hi.

>  In addition to Joel's suggestion, you can also use a reencrypted route
> if you want to talk encrypted with the Apache webserver.

> https://docs.openshift.org/3.6/architecture/networking/routes.html#re-encryption-termination

> Regards
>  Aleks

>  On Wednesday, 11 October 2017 at 15:51 was written:


> Sorry, I meant to say, it *cannot modify the http request in any way.
>  On Thu, 12 Oct 2017 at 12:51 am, Joel Pearson
> <japear...@agiledigital.com.au> wrote:

> Hi Marcelo,

>  If you use Passthrough termination then that means that OpenShift
> cannot add the X-Forwarded-For header, because as the name suggests it
> is just passing the packets through and because it’s encrypted it can
> modify the http request in any way.

>  If you want X-Forwarded-For you will need to switch to Edge termination.

>  Thanks,

>  Joel
>  On Thu, 12 Oct 2017 at 12:27 am, Marcello Lorenzi <cell...@gmail.com> wrote:

> Hi All,
>  we tried to configure a route on Origin 3.6 with a Passthrough
> termination to an Apache webserver present in a single POD, but we
> can't see the X-Forwarded-Header in the Apache logs. We tried to capture it
> without success.

>  Could you confirm if there is some method to extract it from the POD side?

>  Thanks,
> Marcello
> _______________________________________________
>  users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
> -- 
> Kind Regards,

>  Joel Pearson
>  Agile Digital | Senior Software Consultant

>  Love Your Software™ | ABN 98 106 361 273
>  p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au


_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users