🔍 Introduction
Securing OpenShift routes with custom SSL certificates is a critical requirement for production-grade Kubernetes and OpenShift deployments. While OpenShift provides a default wildcard certificate, enterprise workloads often demand branded SSL, stronger trust guarantees, and compliance with organizational security policies.
In today’s blog, you’ll learn how to replace the default OpenShift wildcard certificate with your own custom SSL certificate for a specific route.
🔧 Step-by-Step Guide: Securing OpenShift Routes
1️⃣ Generate or Obtain an SSL Certificate
First, generate or obtain an SSL certificate from a trusted source such as:
- Let’s Encrypt
- DigiCert
- Sectigo
- Internal Enterprise CA
You should have:
- A certificate file (.crt)
- A private key file (.key)
2️⃣ Create a TLS Secret in OpenShift
Create a Kubernetes TLS secret containing your certificate and key:
This secret securely stores your SSL assets within the OpenShift namespace.
3️⃣ Patch or Define the Route with TLS Configuration
Create or update your OpenShift route YAML to reference your custom SSL certificate.
🔹 TLS Termination:
- edge → TLS terminates at the OpenShift router
- Suitable for most web applications
4️⃣ Apply the Route Configuration
Apply the updated route:
OpenShift will automatically deploy the new certificate to the router.
5️⃣ Verify SSL Configuration
Confirm that your custom SSL certificate is active:
Or verify via:
- Browser certificate inspection
- SSL Labs test (optional)
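Steps 2 to 5 as one script. This is an added example, not the original post's commands, and it also checks that the key belongs to the certificate before anything is created. It assumes the certificate and key are embedded inline in the Route (spec.tls.certificate and spec.tls.key); the names my-project, my-app, app.example.com, tls.crt and tls.key are placeholders.

```shell
# Added example. All names passed in (namespace, route, host, service, files) are placeholders.

# Indent a PEM file so it can sit under a YAML block scalar ("|-").
indent_pem() { sed 's/^/      /' "$1"; }

# Render an edge-terminated Route carrying the certificate and key inline (assumed layout).
# The key is readable by anyone who can read Routes in the namespace, so keep that RBAC tight.
# Args: route name, host, service name, cert file, key file
render_route() {
  cat <<EOF
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: $1
spec:
  host: $2
  to:
    kind: Service
    name: $3
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
    certificate: |-
$(indent_pem "$4")
    key: |-
$(indent_pem "$5")
EOF
}

# Succeeds only if the private key belongs to the certificate (public keys are equal).
cert_matches_key() {
  [ "$(openssl x509 -noout -pubkey -in "$1" | openssl sha256)" = \
    "$(openssl pkey -pubout -in "$2" | openssl sha256)" ]
}

# Steps 2-5 end to end. Needs oc (logged in) and openssl; runs only when called, e.g.
#   deploy_route_cert my-project my-app app.example.com my-app tls.crt tls.key
deploy_route_cert() {  # args: namespace route host service cert key
  cert_matches_key "$5" "$6" || { echo "certificate and key do not match" >&2; return 1; }
  # Step 2: store the pair as a TLS secret in the namespace.
  oc create secret tls "$2-tls" --cert="$5" --key="$6" -n "$1"
  # Steps 3-4: define the route with TLS and apply it.
  render_route "$2" "$3" "$4" "$5" "$6" | oc apply -n "$1" -f -
  # Step 5: show the certificate the router serves for this hostname (SNI).
  openssl s_client -connect "$3:443" -servername "$3" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -issuer -dates
}
```

In the final output, the subject, issuer and validity dates should be those of your certificate, not the default wildcard.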
✅ Benefits of Custom SSL in OpenShift
- 🔐 Improved Trust with branded certificates
- 🌐 Better SEO & browser reputation
- 🚫 Avoid wildcard certificate limitations
- 📜 Meet enterprise compliance requirements
- 🏢 Professional, production-ready deployments