
How to access the OpenShift wildcard SSL certificate and private key

On the OpenShift website here: https://help.openshift.com/hc/en-us/articles/202535440-How-do-I-get-SSL-for-my-domains-, it states

You can always take advantage of our *.rhcloud.com wildcard certificate in order 
to securely connect to any application via its original, OpenShift-provided 
hostname URL.

However, Node's HTTPS server requires a file path to a certificate and private key in order to use HTTPS:

var fs = require('fs');
var https = require('https');
var express = require('express');

// Node's HTTPS server needs the key and certificate contents read from disk
var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};
var app = express();
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);

None of the OpenShift environment variables (https://www.openshift.com/developers/openshift-environment-variables) appear to be related to SSL certificates, and the documentation does not mention it other than at the above link, which provides no technical information on actually using it.

How do I access the privateKey and certificate file on an OpenShift Node.js gear/cartridge?

user548084 asked Aug 15 '14 04:08


2 Answers

It turns out that all SSL certificates are handled by OpenShift routers before they reach the gear/cartridge. There is no need to set up an HttpsServer at all; the normal HttpServer listening on port 8080 will receive both HTTP and HTTPS traffic transparently.

This is true whether you are using a custom certificate or the wildcard certificate, which is pretty nifty.

user548084 answered Oct 16 '22 10:10


The Nodejs Express application scenario is detailed at the OpenShift https answer. To sum up, use the X-Forwarded-Proto header's value from the request headers given to your nodejs web server by OpenShift's proxy to determine whether the reply should redirect the client to https or the client is already requesting on https.

Chawathe Vipul S answered Oct 16 '22 10:10
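
The two answers above combine into one pattern: the router terminates TLS, the app listens on plain HTTP, and X-Forwarded-Proto tells the app which scheme the client used. The following is an added example, not code from either answer or from OpenShift. It assumes the app is reachable only through the router, that the gear sets OPENSHIFT_NODEJS_PORT and OPENSHIFT_NODEJS_IP, and it uses a constructed hostname (CANONICAL_HOST) and hypothetical helper names.

```javascript
// Constructed placeholder hostname. Redirecting to a fixed host instead of
// echoing the request's Host header keeps the redirect target out of the
// client's control.
const CANONICAL_HOST = 'myapp-example.rhcloud.com';

// Scheme the client used, as reported by the TLS-terminating router.
// Node joins repeated headers with ", ", so take the first entry.
// A missing header is treated as plain http (fail towards redirecting).
function clientScheme(headers) {
  const raw = String(headers['x-forwarded-proto'] || '');
  return raw.split(',')[0].trim().toLowerCase() || 'http';
}

// Decide how to answer one request: serve it, or redirect it to https.
function decide(method, url, headers) {
  if (clientScheme(headers) === 'https') {
    // HSTS only has effect on responses the browser received over TLS.
    return { status: 200,
             headers: { 'Strict-Transport-Security': 'max-age=31536000' } };
  }
  // Accept origin-form targets only; anything else redirects to the root.
  const path = url.startsWith('/') ? url : '/';
  // 308 keeps the method and body for non-GET requests.
  const status = (method === 'GET' || method === 'HEAD') ? 301 : 308;
  return { status, headers: { Location: 'https://' + CANONICAL_HOST + path } };
}

function handler(req, res) {
  const d = decide(req.method, req.url, req.headers);
  res.writeHead(d.status, d.headers);
  res.end(d.status === 200 ? 'served over HTTPS via the router\n' : '');
}

// No key or certificate is loaded here: the router holds them.
// Assumption: the gear exports these two variables (the port is 8080).
if (process.env.OPENSHIFT_NODEJS_PORT) {
  require('http').createServer(handler)
    .listen(process.env.OPENSHIFT_NODEJS_PORT, process.env.OPENSHIFT_NODEJS_IP);
}
```

If the app port can be reached without passing through the router, a client can set X-Forwarded-Proto itself, so the header is only meaningful when the router is the sole path to the app.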