Updating OpenShift instructions
Adding a SAN to a self-signed certificate procedure Close #1465
This commit is contained in:
parent
586cfe40d6
commit
79bbdb4360
1 changed files with 7 additions and 2 deletions
|
@ -69,7 +69,7 @@ See the https://access.redhat.com/documentation/en-us/jboss_enterprise_applicati
|
||||||
----
|
----
|
||||||
$ openssl req -new -newkey rsa:4096 -x509 -keyout xpaas.key -out xpaas.crt -days 365 -subj "/CN=xpaas-sso-demo.ca"
|
$ openssl req -new -newkey rsa:4096 -x509 -keyout xpaas.key -out xpaas.crt -days 365 -subj "/CN=xpaas-sso-demo.ca"
|
||||||
----
|
----
|
||||||
.. Generate a private key for the HTTPS keystore. Provide `mykeystorepass` as the keystore password:
|
. Generate a private key for the HTTPS keystore. Provide `mykeystorepass` as the keystore password:
|
||||||
+
|
+
|
||||||
[source,bash,subs="attributes+,macros+"]
|
[source,bash,subs="attributes+,macros+"]
|
||||||
----
|
----
|
||||||
|
@ -88,8 +88,13 @@ $ keytool -certreq -keyalg rsa -alias jboss -keystore keystore.jks -file sso.csr
|
||||||
+
|
+
|
||||||
[source,bash,subs="attributes+,macros+"]
|
[source,bash,subs="attributes+,macros+"]
|
||||||
----
|
----
|
||||||
$ openssl x509 -req -CA xpaas.crt -CAkey xpaas.key -in sso.csr -out sso.crt -days 365 -CAcreateserial
|
$ openssl x509 -req <(printf "subjectAltName=DNS:secure-sso-sso-app-demo.openshift.example.com") -CA xpaas.crt -CAkey xpaas.key -in sso.csr -out sso.crt -days 365 -CAcreateserial
|
||||||
----
|
----
|
||||||
|
+
|
||||||
|
[NOTE]
|
||||||
|
====
|
||||||
|
To make the preceding command work on one line, the command includes the process substitution (`<() syntax`). Be sure that your current shell environment supports such syntax. Otherwise, you can encounter a `syntax error near unexpected token `('` message.
|
||||||
|
====
|
||||||
. Import the CA certificate into the HTTPS keystore. Provide `mykeystorepass` as the keystore password. Reply `yes` to `Trust this certificate? [no]:` question:
|
. Import the CA certificate into the HTTPS keystore. Provide `mykeystorepass` as the keystore password. Reply `yes` to `Trust this certificate? [no]:` question:
|
||||||
+
|
+
|
||||||
[source,bash,subs="attributes+,macros+"]
|
[source,bash,subs="attributes+,macros+"]
|
||||||
|
|
Loading…
Reference in a new issue